

IOActive's risk management services provide our clients with the care and skill necessary to proficiently assess their needs and prepare reasonable, actionable plans for addressing those needs. We start by understanding our clients' business processes, information assets, and the supporting system infrastructure and then proceed to identify vulnerabilities, threats, and their likelihood of exploitation—documenting risks and preparing a prioritized list of mitigation actions. We outline the anticipated human resources, technology components, and control processes required to address the risks, as well as metrics that measure performance.
Risk management services include, but are not limited to:
- Compliance Assessments
- PCI Data Security Standard and Application Best Practices
- M&A and Vendor Due Diligence
- Regulatory (HIPAA, GLBA, NAIC, NERC, SOX)
- European Union Data Protection Directive
- ISO 17799/27002:2005
- Third-Party Assessments including SAS 70 support