Information technology (IT) risk assessments are an integral part of any organization’s cybersecurity efforts, endeavoring to identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of information, systems, or critical data. The Drummond Group’s Comprehensive Risk Assessments (CRA) offer independent examinations of IT controls according to a time-tested and customer-endorsed framework that readily provides actionable guidance for reducing risk. Each CRA is carefully customized according to client industry, regulatory requirements, security and compliance goals, and business needs. With findings presented in both an easily understandable, prioritized summary and in detail, clients can be confident in their ability to immediately address their most critical concerns first.
With the Ponemon Institute’s finding that data breaches due to malicious or criminal attacks cost companies an average of $159 per compromised record, taking reasonable precautions and managing organizational risk has never been more warranted.
Policies, Procedures, Standards & Guidelines
Review policies, procedures, standards and guidelines to verify they meet best practices and/or applicable compliance requirements.
Validate the effectiveness of IT controls through vulnerability assessment, potential exploitation of identified vulnerabilities, and additional testing such as wireless assessment, social engineering, network security architecture assessment, VoIP assessment, database assessment, etc.
Conduct campus walkthroughs to validate the implementation of physical and environmental security best practices.
Conduct a single assessment with the ability to map findings to virtually any standard, regulation or framework in a single report.