IT Security quickscan & assessment
ICT is becoming increasingly complex, and so is ICT security. For many companies, ICT systems, and especially the associated data, are the proverbial heart of the organisation, which must also be available 24/7. You achieve complete and solid security only through the right combination of policy and technical measures.
Protify can help your organisation with this by providing insight into IT-related risks, based on an IT security quick scan or full assessment. You will get insight into the risks and vulnerabilities of your organisation, and thorough, clear advice regarding your IT infrastructure and related security measures. You will also gain insight into the status and maturity of your IT security, based on the CMM maturity model. We advise your organisation on the right measures to take and how to prioritise them.
Get answers to the following ICT security questions for your organisation:
- How can you properly and easily protect your organisation's ICT systems and data?
- How do you prioritise security correctly?
- Do you consider policy, legislation and regulations in addition to technology?
- How do you monitor this process?
- Insight into the top 10: quick actions to make an immediate difference (quick wins)
- Advice at strategic level
- Advice on a roadmap
- What is the maturity level of your organisation?
It also provides evidence when tendering or if a supplier imposes certain requirements on your organisation. So, you can provide evidence to companies that want to work with you and make this transparent.
IT security quick scan or assessment: provides insight into the current situation regarding measures taken with regard to IT security, information security and business continuity. The assessment is carried out based on the following management measures (controls), which are divided into six themes:
- Organisation;
- People;
- IT infrastructure;
- Technical;
- Identity and access management;
- Continuity management.
Each theme is assessed using questionnaires; a section sometimes runs to as many as 50 questions. This gives you as an organisation insight into how processes and issues are organised. The questions per theme draw on industry standards: ISO 27001, NIST CSF, CIST and CSIRT.
The answers to the questions are scored in the CMM maturity model: you aim for a minimum desired level, and the 0-5 scale shows how your organisation is doing.
Using the questionnaires, various insights are visualised:
- Charts per chosen standard
- Charts of the six themes
Collaboration Protify and Aragorn
ICT security extends beyond technology or policy, which is why Protify and Aragorn have been collaborating since 2021, with the aim of mapping the complete ICT security landscape of organisations and securing it even better. Aragorn distinguishes itself through in-depth knowledge of ICT infrastructures and associated ICT security. Combined with Protify's knowledge of IT and information (security), risk management and business continuity, together we can help your organisation with all aspects of conducting an IT security assessment. Both organisations are ISO 27001 certified.
In control: 'Tell me, show me, prove me'
Organisations' IT environments are getting bigger, more things are being added and more data needs to be processed. This only increases the risks you face as an organisation. Do you want to understand the risks your organisation faces? And ensure that not only the IT manager is aware of them? During the IT security quick scan or assessment, the following three principles are applied: 'tell me, show me, prove me'. So, it doesn't just stop at an interview and just one example. We look at the set-up and implementation.
Mind you, it remains a snapshot; the moment new applications or network components are added, for instance, the situation changes. So, see the scan as a baseline measurement.
Types of analysis:
- IT security quick scan: global assessment of the six themes, where we perform the analysis based on the 'tell me' and 'show me' principle. The quick scan is mainly aimed at SMEs and somewhat smaller enterprises that want to have a quick insight into their IT security status.
- IT security assessment: assessment on all aspects, covering all six themes in detail. Specific attention is paid to all components relating to policy, procedures, processes, design, and implementation. Where possible, we also perform automatic scans to see how your organisation is doing. An IT security assessment is carried out based on the 'prove me' principle, whereby it must be demonstrated how the policy is implemented. An IT security assessment is for SME+ organisations that have an IT manager and/or IT team.
Process: employee interviews
During the IT security quick scan or assessment, your organisation's employees are also involved through interviews. Everyone from HR staff, production staff and IT managers up to management is interviewed, over a period ranging from a morning to several days, depending on the size and type of organisation. Following these interviews and a visual inspection, a report is drawn up, of which the CMM maturity model forms a part, including advice and recommendations per theme. It is then up to your organisation whether you want to start working on this yourself or do it in the form of a project: an IT security programme, in which we at Protify offer a tailor-made approach for your organisation.
Getting started
After the IT security quick scan or assessment has been carried out, you should take a structured approach to the design and implementation of information security and IT security and make it a permanent part of your business processes. A security programme should therefore form an integral part of your organisation's strategic policy and be attuned to the (mid) long-term goals and the related (business) risks. The success of the security programme depends on the commitment of the management and organisation and should therefore also be budgeted for.
Answers to your IT security questions?
Do you want insight into your organisation's IT security, and to know what potential risks your organisation faces? Contact us and we will discuss the best approach for your organisation.