GRISC

A holistic approach to Governance, Risk, Information Security and Compliance (GRISC) is needed to ensure:

  • alignment of GRISC activities with the overall business strategy;
  • assurance to the Executive that critical controls and measures are intact, while keeping the probability of high-impact risk events low;
  • development of risk profiles so that controls are maintained against valid, approved baselines;
  • real-time monitoring and alerting on control status against the current threat level.

We offer the following GRISC services:

Governance

  • IT Governance audit and review
  • IT Governance remediation
  • Strategic Alignment projects

Risk

  • Audit and review of IT operational risks
  • Assets – identify assets and other resources and assign them to major asset classifications
  • Threats – identify threats to those assets and organize them into threat categories
  • Vulnerabilities – identify and document the weaknesses those threats could exploit
  • Impact – identify the impact on your organization and on your clients, suppliers and business partners
  • Review current Enterprise Risk Management practices and align the management of IT operational risks with that framework

Information Security

  • Security architecture design and implementation
  • Security Assessments and vulnerability tests
  • Security Incident and Problem management
  • Security Remediation
  • Assisting in setting up an ISO 27001 program
  • Business Continuity / Disaster Recovery planning and implementation
  • Data security review and compliance

Key technical areas we can assist with:

  • host-based intrusion detection, vulnerability assessment, configuration and policy compliance, database logs, web server logs, file access auditing
  • hosts for penetration testing, email scanning, spam filters
  • network intrusion detection and prevention, NetFlow, firewall/router/other network device logs
  • access and identity: successful and failed logins, new and deleted users, privilege escalation, biometric identities
  • web site vulnerability detection (cross-site scripting, SQL injection, etc.), pages visited, referrers
  • end-point monitoring: permitted and non-permitted user activity, data leakage monitoring, USB usage monitoring and reporting
  • anti-virus, anti-phishing, malware detection
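To make the access and identity item above concrete, the following is an added example (not tooling from this page or the firm it describes) of the kind of detection logic that monitoring for failed logins, new and deleted users and privilege escalation boils down to. It parses constructed syslog-style lines from sshd, useradd, userdel and sudo; the host name, IP addresses, user names, the 5-failures-in-60-seconds threshold and the list of commands treated as escalation are all assumptions chosen for illustration.

```python
"""Access-and-identity detection over a constructed auth log (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, not taken from any real system. Hosts, IPs and
# user names are assumptions made up for this example.
SAMPLE_LOG = """\
Mar 12 09:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 09:00:02 host1 sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 12 09:00:03 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 12 09:00:04 host1 sshd[1204]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 12 09:00:05 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 12 09:00:09 host1 sshd[1206]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 12 09:15:00 host1 sshd[1301]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 12 09:15:30 host1 sshd[1302]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Mar 12 10:02:11 host1 useradd[1400]: new user: name=svc_backup, UID=1007, GID=1007, home=/home/svc_backup, shell=/bin/bash
Mar 12 10:03:40 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_backup
Mar 12 10:30:00 host1 userdel[1500]: delete user 'bob'
"""

# Generic syslog prefix: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w/-]+)(?:\[\d+\])?: ?(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
USERADD_RE = re.compile(r"new user: name=(?P<user>[^,]+)")
USERDEL_RE = re.compile(r"delete user '(?P<user>[^']+)'")
SUDO_RE = re.compile(r"(?P<actor>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
# Assumed set of root-run commands that grant or widen privileges.
ESCALATION_CMD_RE = re.compile(r"usermod\s+-aG\s+(sudo|wheel|admin)\b|visudo|/etc/sudoers|passwd\s+root")


def parse_ts(stamp, year=2024):
    """Syslog stamps carry no year; an arbitrary fixed year (assumed) is fine for deltas."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def analyze(log_text, fail_threshold=5, window_seconds=60):
    """Return a list of (rule, severity, detail) alerts in log order."""
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of recent failures
    burst_ips = set()              # IPs that already tripped the brute-force rule
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, prog, msg = parse_ts(m["ts"]), m["prog"], m["msg"].strip()
        if prog == "sshd":
            f = FAILED_RE.search(msg)
            if f:
                q = failures[f["ip"]]
                q.append(ts)
                while q and (ts - q[0]).total_seconds() > window_seconds:
                    q.pop(0)   # slide the window forward
                if len(q) >= fail_threshold and f["ip"] not in burst_ips:
                    burst_ips.add(f["ip"])
                    alerts.append(("brute_force", "medium",
                                   f"{len(q)} failed logins from {f['ip']} within {window_seconds}s"))
                continue
            a = ACCEPTED_RE.search(msg)
            if a:
                if a["ip"] in burst_ips:   # success right after a burst: the interesting case
                    alerts.append(("login_after_brute_force", "high",
                                   f"successful login as {a['user']} from {a['ip']} after failed-login burst"))
                elif a["user"] == "root":
                    alerts.append(("root_login", "medium", f"direct root login from {a['ip']}"))
        elif prog == "useradd":
            u = USERADD_RE.search(msg)
            if u:
                alerts.append(("user_created", "low", f"new account {u['user']}"))
        elif prog == "userdel":
            d = USERDEL_RE.search(msg)
            if d:
                alerts.append(("user_deleted", "low", f"account {d['user']} deleted"))
        elif prog == "sudo":
            s = SUDO_RE.search(msg)
            if s and s["target"] == "root" and ESCALATION_CMD_RE.search(s["cmd"]):
                alerts.append(("privilege_escalation", "high", f"{s['actor']} ran as root: {s['cmd']}"))
    return alerts


if __name__ == "__main__":
    for rule, severity, detail in analyze(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {detail}")
```

The single failed login by alice stays below the threshold and produces nothing, while the five failures from 203.0.113.7 followed by an accepted root password trigger both the burst rule and the higher-severity follow-on rule; the sudo line is flagged because the command adds a freshly created account to the sudo group, which is exactly the kind of event the privilege escalation item refers to.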

Compliance

  • Audit and review of compliance with relevant regulations, standards and frameworks

For example:

– Data Security Standards (DSS)
– Sarbanes-Oxley Act (SOX)
– Basel Accords
– Data Protection Directive (DPD)
– COBIT

  • Compliance remediation projects

Security Architecture