Risk Assessments

7 Minute Security will partner with you to help formulate – and execute – a measurable remediation plan for gaps in your administrative, physical and technical controls.

Administrative Security Controls

This section focuses on the “people part” of security – primarily the policies and procedures put into place to help guide how employees deal with the organization’s sensitive information. We will help you assess the effectiveness of your existing policies, work with you to improve them as necessary, and write new policies if needed.

Physical Security Controls

In this section, your organization’s physical controls will be evaluated. Some examples of these controls include:

  • Cameras

  • Door locks

  • Fences

  • Guards

  • Smart cards

Technical Security Controls

The technical controls review will give you a holistic view of your internal and external network from a security standpoint, and include some or all of the following:

  • Vulnerability scanning

  • Review of Active Directory policies and security configuration against Microsoft best practices

  • Wireless audit for proper configuration and encryption, as well as a password strength analysis

Methodology

Evaluate

7 Minute Security will conduct an information security assessment that evaluates the presence and adequacy of security controls in 8 domains:

  • Governance and Risk Management

  • Personnel Management

  • Asset Management

  • Identity and Access Management

  • Physical Security

  • System and Communication Protection

  • System Integrity Management

  • Recovery and Response Management

Measure

Performance in each objective is evaluated to a maturity rating of one to four, with four being the most mature. While each objective has specific actions and programmatic milestones defined for each maturity rating, the maturity levels are summarized as follows:

  • Level 1: Security processes are either absent or ad-hoc; processes that are present are not well documented and at grave risk of dissolution if key personnel are lost.

  • Level 2: Basic security processes are in place; however, these processes lack automation and may not be well-documented, placing them at risk if key personnel are lost.

  • Level 3: Security processes are well documented and repeatable. Processes are periodically tested or audited to ensure desired security outcomes are achieved.

  • Level 4: Security processes are regularly evaluated to identify opportunities for continuous improvement. Active monitoring is in place to identify and investigate potential indicators of compromise.

Deliver/Discuss

7 Minute Security will create and deliver (live or via Zoom) one or more reports depending on your needs and goals:

  • Full report

  • Executive summary

  • Customer-facing attestation letter (summarizes the assessment, maturity scores and findings at a general, sanitized level)