Morlok Technologies Information Security Services - Risk Assessment, Information Security Program Development, and Security Policy

Information Security Services

Security Challenges

If you are responsible for information security for your organization, you are in an uncomfortable position. It is difficult to assess and prioritize risks. New threats emerge quickly, and you need to analyze the threat and implement defenses. Employees and management contribute to the problem by risky behavior, or by prioritizing “getting the job done” ahead of following security procedures. Often, you don’t know how safe or vulnerable your organization may be. And you are in a constant struggle for adequate financial and personnel resources to do a good job of securing information assets. If you have other responsibilities, and information security is just one of your roles, you have even greater challenges. We can help.

Our Approach

We start by performing an effective risk assessment. “Effective” is not just an external penetration test, or a vulnerability test that discovers a few missing patches. An effective risk assessment is broad-based, considers both internal and external threats, and analyzes both technical security risks and physical security issues. This process documents the location and sensitivity of information assets, the structure of your network, and the possible avenues of attack. The result of this risk assessment process is a report that is actionable by both technical staff and management in making immediate security improvements.

Based on the risk assessment, we lead the development of an improved, comprehensive information security program for your organization. You probably have several pieces of the program in place. The risk assessment process will guide you in focusing security improvement efforts on areas that will yield the most results. We can:

Define the information security roles in your organization
Define responsibilities and activities of the Chief Security Officer
Define security responsibilities of the IT department, management, and staff
Create an effective policy architecture
Update or write individual policies
Develop a security program that conforms to HIPAA, FFIEC, FDIC, OTS, OCC, NCUA and SEC regulations

Information security requires sustained effort, based on a formal program that is customized and appropriate for your organization. Call us today to determine the next steps for your organization.