ASSESS
Helping our customers identify and manage risk is the cornerstone of VIOPOINT’s mission. By understanding where risk resides and engaging business stakeholders in decision making, we help clients overcome the common misconception that security is a roadblock. We offer a variety of assessment services geared towards organizations that want an objective third party to help them evaluate risk. Many of our offerings include assessment tools and methodologies that can be implemented into your environment, ultimately transforming them into a self-sustainable and repeatable part of your ongoing security program.
Compliance
For organizations that are subject to regulations such as HIPAA, SOX, NERC, FISMA and others, compliance can be a challenging area to manage. VIOPOINT employs a structured approach that combines the knowledge of our security consultants with the capabilities of Modulo’s Risk Manager Software (www.modulo.com). Risk Manager can easily map your best practice assessment results to numerous industry standards, frameworks, control objectives (NIST, ISO 27001/27002, COBIT, etc) and regulations. The tool provides an efficient management framework to support compliance initiatives and secures the results in a centralized hardened database.
Controls-based Risk Assessment
Organizations that are not subject to regulations may still want to measure risk using an industry-recognized approach. Common risk-based standards and frameworks provide a best practice foundation that can be used to assess risk. VIOPOINT will help you select the appropriate approach and leverage our structured assessment methodology to conduct an accurate review that is suited to your specific needs.
VIOPOINT‘s approach to assessing risk provides organizations with an efficient and manageable means to accomplish this goal. We will help you establish a baseline, make informed mitigation decisions, and ensure that future assessments reflect program objectives. By leveraging the capabilities of Modulo Risk Manager, we deliver a thorough and efficient assessment of your technology, processes, employees, and facilities. At the conclusion of our assessments, we provide the option to deploy Risk Manager in your environment so that remediation activities, risk profile changes, and future self-assessments can all be tracked in one easy-to-use software application.
Network Vulnerability Assessment
The network infrastructure can represent a significant portion of your organization’s risk due to poorly configured systems, unpatched hosts and other deficiencies. VIOPOINT uses a collection of industry leading tools to scan and assess the vulnerabilities in your network. We assess your network both externally and internally to provide your organization with a network-based risk profile. Our industry exerpience and best practice approach incorporates an additional step to analyze scan results and eliminate false positives. This step goes above and beyond traditional “point and click” scanning projects by providing you with accurate results and delivers truly actionable recommendations. As part of the overall engagement, VIOPOINT can implement the very tools we used and provide security staff members with the education on network scanning best practices. This allows you to sustain your own ongoing assessment schedule as part of an overall information security program.
