Premium Security Assessment
The Premium Security Assessment Blueprint is designed for larger companies and those with compliance needs. Compliance requires not only an Annual Risk Analysis, but also proof of on-going efforts. The Premium level provides a framework for how to demonstrate and document on-going efforts. The Premium level assessment can be performed using either the HIPAA or PCI Compliance module (or both in situations where you have larger healthcare clients).
On a quarterly basis, an on-site visit with an Inspector appliance is required to perform the Internal Vulnerability and Layer 2/3 scan as well as the on-site survey.
The cost to implement the Premium Blueprint varies greatly with the size of the organization. Most of the effort will consist of performing the annual Risk Analysis (8+ hours annually), quarterly Inspector scans (8 hours annually), and monthly scans (1 hour monthly).
1. Go on-site.
2. Perform complete HIPAA or PCI Compliance assessments.
1. Remote onto a server or workstation in the client’s network.
2. Perform the HIPAA and PCI scans for use with the Risk Profiles (utilizing worksheets from the previous annual assessment).
1. Go on-site.
2. Connect the Inspector appliance.
3. Initiate an Internal Vulnerability Scan.
4. After scan completion, remove the Inspector.
Report Review and Delivery
Reports should be generated per the blueprint, based on the frequency. The Initial/Annual and Quarterly reviews will be done interactively, either in person or online. Monthly reports can be delivered electronically to your client and reviewed as needed. On a monthly basis, our Iron Defence Security Consultant will review the set of generated reports, focusing mostly on the change reports and looking for new issues in the Management Plans. For compliance purposes, all primary and supporting reports will be archived.