Assessment and Certification

At Taranet, we have consolidated several industry standards into a single, holistic assessment and certification program that protects organizations at every level (organization, business process and information system) and scales to organizations of any size. We apply a risk-based strategy to all our assessment and certification efforts. We evaluate your Risk Management Strategy by assessing how your organization frames, assesses, responds to, and monitors information security risk. In addition, we can help you determine your risk tolerance, that is, the level of uncertainty your organization is willing to accept. Finally, based on that information, we assess the effectiveness of the security controls implemented to mitigate your security risk to an acceptable level.

Currently, our services include:

Assessments

 
Security Status Assessment

Delivered as a low-cost “Quick Look Report”, the Security Status Assessment is a basic assessment of your system, carried out by running diagnostic tests, interviewing employees and reviewing your existing security documentation. We provide your organization with a security status report highlighting the areas that can be improved. This assessment can be scheduled at regular intervals to verify continued adherence to your compliance requirements.

Risk Assessment

Taranet analyzes the results of a Security Status Assessment against current threats to assign a risk priority to each identified vulnerability. The resulting report allows the client to prioritize the resources allocated to corrective action, so that risks are brought within, or kept within, the client's acceptable risk tolerance.

Certifications

 
According to an Ovum study, 80% of Bring Your Own Device (BYOD) activity is going unmanaged.

Federal Information Security Management Act (FISMA) Compliance

Utilizing several NIST Special Publications (800-37, 800-39, 800-53, and 800-60), Taranet evaluates your compliance with the Federal Information Security Management Act.

Health Insurance Portability and Accountability Act (HIPAA) Compliance

Utilizing NIST Special Publications (800-37, 800-39, 800-53, 800-60, and 800-66), Taranet comprehensively assesses your information security program for the safeguarding of Protected Health Information (PHI) and HIPAA compliance.

Gramm-Leach-Bliley Act (GLBA) IT Compliance

The Gramm-Leach-Bliley Act (also known as the Financial Services Modernization Act of 1999) was enacted to govern how financial institutions collect, use and protect their customers' personal financial information. Taranet verifies compliance with the Safeguards Rule, which requires financial institutions to implement a written information security program.

Sarbanes-Oxley (SOX) IT Compliance

Sections 302, 404 and 409 of the Sarbanes-Oxley Act require public companies to certify the accuracy of their financial reports, to assess and report on their internal controls over financial reporting, and to disclose material changes promptly. The IT controls that support financial reporting systems fall within that scope. Utilizing industry standards for information security, Taranet evaluates your information security program and verifies that you are in compliance with the Sarbanes-Oxley Act.

Other Services

 

According to a 2010 survey from Ernst & Young, only 30% of companies reported that they have an IT Risk Management program in place that addresses the increasing risks related to the use of new technologies.

Security Correction Plan

Taranet prepares a plan for correcting or mitigating current vulnerabilities, as identified in the Security Status Assessment. This plan includes specific technologies recommended, implementation procedures, and expected results.

Risk Management Roadmap

Taranet prepares a strategic plan for the client to maintain acceptable security status and keep risk within identified tolerance. This comprehensive plan includes configuration management procedures, monitoring techniques, routine checks, plan exercises, assessment frequency, personnel requirements, and recommended tools.

Disaster Recovery Planning

Taranet prepares a customized Disaster Recovery Plan (DRP) for the client. This plan includes a list of potential disasters that may impact the client’s business and detailed procedures for how to respond to each, in order to keep the business going. Also included is a schedule and procedures for exercising the plan.

Disaster Recovery Exercises

Taranet prepares a disaster scenario and walks the client through an exercise of the DRP. This onsite exercise is scaled to the customer’s size and business, and may include temporarily transferring network operations to an alternate site. The client leads the exercise and manages its employees, while Taranet guides client leadership through a full-scale training event on how to respond to an unexpected crisis.

Comprehensive Risk Management Strategy

Taranet customizes a Risk Management Strategy to enable the client to manage security risk across the enterprise based on established principles. This comprehensive, 360-degree strategy encompasses not only the breadth of the organization but its depth as well: all three tiers defined in NIST SP 800-39 (organization, mission/business process, and information system) are included. In the initial activity, known as risk framing, Taranet collaborates with the client to establish the key risk management parameters that determine how the organization intends to assess risk, respond to risk, and monitor risk. The Risk Management Strategy makes explicit the specific assumptions, constraints, risk tolerances, priorities, and trade-offs the organization uses when making investment and operational decisions. The resulting document becomes the client’s foundation for assessing risk, responding to changes in risk, and monitoring risk across the entire company. This service follows the process described in NIST Special Publication (SP) 800-39, Managing Information Security Risk.