Assessment and Certification
Currently, our services include:
Security Status Assessment
A low-cost “Quick Look Report”, the Security Status Assessment is a basic assessment of your system, carried out by running a diagnostic test, interviewing employees and reviewing your existing security documentation. We provide your organization with a security status report highlighting any areas that can be improved. This assessment can be scheduled at regular intervals to verify continued adherence to compliance requirements.
Taranet analyzes the results of a Security Status Assessment against current threats to assign a risk priority to each vulnerability found. The results of this report allow the client to prioritize the allocation of resources for corrective action, bringing or keeping risk within the organization's acceptable risk tolerance.
Federal Information Security Management Act (FISMA) Compliance
Utilizing several NIST Special Publications (800-37, 800-39, 800-53, and 800-60), Taranet evaluates your compliance with the Federal Information Security Management Act.
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Utilizing NIST Special Publications (800-37, 800-39, 800-53, 800-60, and 800-66), Taranet comprehensively assesses your information security program for safeguarding Protected Health Information (PHI) and for HIPAA compliance.
Gramm-Leach-Bliley Act (GLBA) IT Compliance
The Gramm-Leach-Bliley Act (also known as the Financial Modernization Act of 1999) was enacted to control the ways in which financial institutions collect, share and protect customers' personal information. Taranet verifies compliance with the Safeguards Rule, which requires financial institutions to implement a written information security program.
Sarbanes-Oxley (SOX) IT Compliance
Sections 302, 404 and 409 of the Sarbanes-Oxley Act require public companies to maintain effective internal controls over financial reporting and disclosure, which in practice depends on proper information security controls over the systems that produce that data. Utilizing industry standards for information security, Taranet evaluates your information security program and verifies that you are in compliance with the Sarbanes-Oxley Act.
Security Correction Plan
Taranet prepares a plan for correcting or mitigating the vulnerabilities identified in the Security Status Assessment. This plan includes the specific technologies recommended, implementation procedures, and expected results.
Risk Management Roadmap
Taranet prepares a strategic plan for the client to maintain acceptable security status and keep risk within identified tolerance. This comprehensive plan includes configuration management procedures, monitoring techniques, routine checks, plan exercises, assessment frequency, personnel requirements, and recommended tools.
Disaster Recovery Planning
Taranet prepares a customized Disaster Recovery Plan (DRP) for the client. This plan includes a list of potential disasters that may impact the client’s business and detailed procedures for responding to each, so that business operations can continue. Also included are a schedule and procedures for exercising the plan.
Disaster Recovery Exercises
Taranet prepares a disaster scenario and walks the client through the exercise of the DRP. This onsite exercise is scaled to the customer’s size and business, and may include temporarily transferring network operations to an alternate site. The client leads the exercise and manages its employees, while Taranet guides client leadership through a full-scale training event on how to respond to an unexpected crisis.
Comprehensive Risk Management Strategy
Taranet customizes a Risk Management Strategy to enable the client to manage security risk across the enterprise based on established principles. This 360-degree comprehensive strategy encompasses not only the breadth of the organization but also its depth: all tiers of the organization (technical, operational, and managerial) are included. In the initial activity, known as framing risk, Taranet collaborates with the client to establish the key risk management parameters that define how the organization intends to assess, respond to, and monitor risk. The Risk Management Strategy makes explicit the specific assumptions, constraints, risk tolerances, priorities, and trade-offs the organization uses in making investment and operational decisions. The resulting document becomes the client’s foundation for assessing risk, responding to changes in risk, and monitoring risk across the entire company. More information on this approach can be found in NIST Special Publication (SP) 800-39.