Risk Analysis and Security Audit
Some questions to You:
- Are your organization aware of major risks that could affect the business bottom line?
- Do you have procedures in place to identify, assess and act upon new risks?
- If so, is the process reviewed and found relevant, efficient and cost-effective?
If your answer all three questions yes - Congratulations,
(you are not alone and probably a customer to Norendal International).
If not - donít cry, but do something about it - for example: contact us.
Norendal International offer a pragmatic analysis based on your reality and capacity. All analysis demands participation from your organization, in various extent. By identifying and utilize driving forces, the organization is happy to take part in the analysis.
Depending on your situation and needs, we tailor a comprehensive analysis on an overarching or detailed level, choosing suitable tools. The analysis is based upon an standard accepted in your organization or best practice.
To assess compliance to an approved security level or standard in your organization Norendal International identify compliance and noncompliance of your infrastructure and information on all levels of security (physical, network, host systems, applications, organization and procedures etc.).
A comprehensive report is issued upon completion of the audit. Recommendations and advice are provided based upon audit findings to ensure and enhance information integrity, confidentiality, and availability.
Tools and Methodologies
Our experience cover a wide range of tools and methods, making it possibly to choose the right tool and method to best suits your needs.
Examples of tools, standards and methodologies used:
- ISO/IEC 17799 (BS 7799, SS 627799),
- ISO 9001,
- MQR Methodology,
- COBIT (ISACA, IT Governance Institute),
- SBA Check, the SBA Method,
- SBA Scenario, the SBA Method,
- SBA Project, the SBA Method,
- FIRM, ISF,
- SARA, ISF,
- OSCAR, ISF,
- SPRINT, ISF,
- ISSS (Information Security Status Survey, ISF),
- The Forumís Standard of Good Practice (the standard for information security, ISF)