The overall objective of an Information Security Audit is to evaluate the controls over information technology that are in place and make recommendations for improvement.
One of the most important reasons for conducting a security audit is to ensure that the effort spent on security is coherent with business objectives and ultimately yields cost-effective benefits. Although this may seem obvious, security efforts can drift from the requisite target and miss the key areas where the effort is actually needed. The objective of a security audit is to find the vulnerabilities an organization faces in its IT infrastructure.
Deliverables for Audit Service
Analysis of the gaps in the security policy against standards such as BS7799, SANS, etc.
Severity of risk
Recommendations to plug the gaps
Action plan to plug the gaps
It is becoming increasingly critical that information security is given the attention and level of importance it deserves. Most organizations are now absolutely dependent upon their information and business systems, so much so that a serious disruption can mean disaster or critical loss. ISO27001/BS-7799 is the only internationally accepted worldwide standard/code of practice dealing comprehensively with these issues.
The British Institute has suggested the Plan – Do – Check – Act (PDCA) methodology for implementation of the BS-7799 standard, in line with other management standards such as the Quality Management System and the Environmental Management System.
Adept has developed a unique methodology for implementing BS-7799 controls by breaking the entire PDCA cycle into 5 distinct phases. Adept’s unique 5-phase methodology for attaining compliance with the BS-7799 standard is as follows:
Phase I: Information Security Profiling: identifies the gaps in security vis-à-vis the BS-7799 standard.
Phase II: Information Security Prescription: suggests the security measures, including administrative, physical, and technical controls.
Phase III: Information Security Treatment: in this phase, the security measures are implemented.
Phase IV: Information Security Vigil: here, the implementation is monitored to ensure that the security measures are effective in mitigating the risks and securing the information assets.
Phase V: Information Security Certification: successful implementation of the previous phases leads to the final phase, security certification.
Deliverables for each phase are clearly defined so that the implementation is repeatable and can be carried out at multiple locations by multiple teams. The time-bound schedule supports tight project management control, ensuring that the project stays on schedule and that process quality is maintained.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad reform of the healthcare industry. Within the regulation, the Administrative Simplification section has a significant impact on IT and Information Security departments, as well as on healthcare software application vendors. Adept ISM products assist healthcare organizations in complying with HIPAA's Privacy and Security Rules, a component of Administrative Simplification, to ensure the confidentiality, integrity and availability of a patient's protected health information. By streamlining your organization's business processes to incorporate HIPAA's requirements, Adept ISM products improve business continuity and operational efficiency, helping to reduce your cost of complying with the Act.