Installing a few security subsystems or writing policies is not enough to achieve a solid security level that satisfies every need of an organization, because security requires both a complex approach and comprehensive measures.
The main purpose of the security screening is to review the physical, administrative, and logical security capabilities of an organization and the processes and systems it has implemented, based on the topics of the NIST SP 800-53 recommendation. It can identify risks that could compromise the company's functioning or how it is judged externally, or the confidentiality, integrity or availability of any active or inactive systems and the data being processed.
During the due diligence, we review, among other things:
- The already established active regulatory environment
- Organizational features
- IT asset management
- Security issues for human resources
- Creation of the physical environment and the protection of its features
- The features of communication and operations
- Access management and its control
- The peculiarities of the acquisition, development and maintenance operations for IT systems
- Incident, error and emergency management
- The adequacy of the measures taken to ensure continuity of the organization's operation
- Compliance with other industry-specific requirements