Castleforce IT Security Team

IT Security Standards Compliance Assessment Service (ITSec CSS)

Service Description

Overview

This service has been developed for organisations whose IT infrastructure (particularly business servers) needs to comply with various regulatory standards such as ISO27001, PCI DSS or other standards, but which lack the requisite knowledge, sufficient resources, or both, to achieve such compliance.

Using the market-leading Assuria Auditor software package, which is in use in more than 375 major organisations worldwide, this service will deliver an initial assessment of the current state of up to 3 representative sample servers in relation to the required standard. The assessment provides a clear understanding of the current level of compliance of the sample systems and a good appreciation of the likely effort required to achieve full compliance.


Deliverables

The ITSec CSS service will provide the following deliverables:

  • A management summary report indicating the current level of compliance to the required standard of the target systems;
  • A detailed report for each system showing each area of non-compliance, the implications of the non-compliance and a clear English-language description of how to correct it;
  • The report will also highlight general areas of poor security practice and known vulnerabilities discovered;
  • A senior management presentation on the outcome of the service and suggested next steps.

Dependencies

The ITSec CSS service is applied to fully operational systems and does not require target systems to be shut down or normal operations to be affected. The service does require the following:

  • System administrator assistance for installation of a small software agent on the target systems;
  • Server access via a desktop or laptop system (can be an existing Sysadmin PC or a laptop provided by the Assuria Consultant);
  • Access to responsible system/security administration personnel;
  • Access to IT management for presentation of findings.


Duration

Duration is 3 days elapsed (2 on site).