Engagement Options
Information Protection Posture Assessment
Protecting information confidentiality is a critical security objective for every organization. So what are organizations doing to create a more systematic and comprehensive security program that deals with information confidentiality and data loss prevention? Through this assessment, Burton Group's consulting helps you assess and further develop your strategies for protecting your valuable information assets. Specific areas of focus of the assessment include:
- Policies, processes and standards in effect to protect your organization’s information assets
- Data Leakage Protection, to improve your information confidentiality posture:
  - Data at rest (through encryption and improved authorization controls)
  - Data in motion (through filtering and content-aware policies)
  - Data in use (through endpoint and virtualization controls)
The assessment starts with a three-day onsite visit by Burton Group consultants, who will hold discussions and carry out activities with key personnel to assess the information protection measures in place.
The consultants will facilitate discussions designed to collect information about the structure and makeup of the information infrastructure at your organization, and will gather and generate documentation to produce an overview of your security organization, policy framework and technical architecture. This will include, but not be limited to, issues related to:
- Understanding how the organization and its information technology infrastructure operate and what makes them succeed or fail in terms of information systems, including understanding where the business value lies and the impacts of information corruption, loss of availability, loss of control, and leakage involving different elements of information systems and infrastructure.
- Understanding oversight requirements and responsibilities and identifying established duties to protect across the organization.
- Identifying and understanding the current risk management process including threats, vulnerabilities, and consequences associated with information and information technologies, risk tolerance as displayed by management, selection criteria for risk avoidance, acceptance, transfer, and mitigation, and association of surety to risk.
- Identifying the structure of information protection and its management, including coverage of:
  - Protection Management
  - Protection Policy
  - Standards and Procedures
  - Legal Considerations
  - Encryption usage
  - Training and Education
  - Protection Awareness
  - Organizational Issues
  - Documentation
  - Protection Audit
  - Protection Testing
  - Technical Safeguards
  - Personnel Issues
  - Physical Protection
  - Incident Response
To start this engagement:
If you work in the Eastern US or Europe, call Homan Farahmand at 905.952.0966
If you work in the Western US or Asia Pacific, call Doug Simmons at 831.429.4001