Basic Security Assessment

The Basic Security Assessment (BSA) will follow the general principles and subcategories from the NIST Cybersecurity Framework, and the recommended Security Controls will reference the NIST SP 800-53 Rev 5 Security and Privacy Controls.

  1. Understand your business, how it operates, and the type of data it handles.
  2. Review external governance to help determine applicable requirements (laws, regulations, mandates, industry best practices, etc.), including but not limited to:
    • State Data Privacy Laws
    • HIPAA
    • GLBA
    • PCI DSS
    • GDPR
    • NIST 800-171
    • Etc.
  3. Work with the business to define the scope of the Basic Security Assessment.
  4. Review existing Information Security controls:
    • Administrative (policies and procedures)
    • Physical
    • Technical
  5. Identify and recommend missing critical security controls.
  6. Provide a report of findings and recommendations to help improve the organization's security posture.
  7. Obtain the organization's sign-off on any approved initiatives and initiate the project management phase.

DISCLAIMER: Please note this is not a Full Risk Assessment or Compliance Audit. This is a good first step for an organization that has never had a Cybersecurity Assessment.

Please let us know how we can help. Take advantage of our FREE Initial Consultation. Contact us to get started.