Mature organizations are increasing their reliance on risk assessments to gain an enterprise-wide view of their security risks. As regulations like Sarbanes-Oxley, PCI, and HIPAA continue to push organizations to perform security risk assessments, it has become increasingly important to have them done. Based on years of experience assessing entire security programs, Dara Security has developed a suite of offerings around its risk equation to help clients understand where they truly stand in terms of security risk.
Our Framework provides clients with a true assessment of their security risk. A Risk Assessment can help meet PCI, Meaningful Use, and other regulatory requirements; in fact, each of these requires one.
A Risk Assessment will provide an organization with a holistic view of its information security risks and a Framework for maintaining its security. This gives security much greater visibility among executive leadership and places security risks in proper context with other business risks like liquidity, supply chain management, and reputation.
Many regulations have begun to define more narrowly what they look for in a risk assessment; the “finger to the wind” assessments of the past are no longer sufficient. Dara Security's PCI auditors (QSAs) have reviewed the PCI Council's recent risk assessment guidance to ensure that our assessment aligns with and meets PCI requirements. Additionally, our assessment has been aligned with the ISO 27005 framework and can be used to meet Meaningful Use and other risk assessment requirements.
Dara Security consultants have experience with a wide variety of Risk Assessment methodologies including FAIR, OCTAVE, NIST, and ISO 27005. Our practice aligns ratings with the CVSS vulnerability rating system. Our audit practice contains consultants with years of experience performing HIPAA, PCI, ISO 27002, and many other control assessments. Dara Security consultants have assisted numerous clients in performing Threat Assessments, as well as pulling together Threat, Vulnerability, and Control data to identify a client's residual risk.