Seismo Enterprise System Assessments
While many firms focus on technical vulnerabilities and shortcomings, Seismo Technologies has positioned itself to focus on core business values and the business impacts of privacy and cyber threats.

We believe that in order to properly determine an organization's security "health", the people and the processes, not technology, take precedence in any security operation. This can only be done through Risk Management.

Risk Management is defined as: The process that allows stakeholders to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting business processes that support the core business values that are mission critical to the enterprise.

The SEISMO Enterprise Security Assessment process is based upon an internationally recognized and certified CBK (Common Body of Knowledge), which allows an organization to adopt it as a standard for policy and procedure implementation.

The SEISMO Enterprise Security Assessments process covers the CBK common criteria of:
  • CONFIDENTIALITY
  • INTEGRITY
  • AVAILABILITY

The SEISMO Enterprise Security Assessment process incorporates compliance with the International Standard of Information Security (ISO 17799) and the National Institute of Standards and Technology guideline NIST 800-26.

Seismo Enterprise System Assessments follow an iterative process in full compliance with the System Development Life Cycle (SDLC) Capability Maturity Model (CMM).

Through our CLSRC (C-Level Security Report Card), we ensure that business objectives are assessed and that the enterprise's mission is fully recognized. This provides C-level managers a comprehensive look at their security management program, together with the recommendations necessary to pass on their vision for the organization's security initiatives.

This Report Card summary provides the C-level manager a list of business impacts based upon confidentiality, integrity, and availability, with identified risks prioritized in High, Medium, and Low order of importance based upon the organization's core values.

By providing a visualization of the organization's compliance against the International Standard of Information Security (ISO 17799), together with a direct Business Impact Analysis (BIA), the Report Card gives the C-level manager a better opportunity to achieve acceptance and implementation of a standards compliance initiative within their organization.

Attack and Penetration Testing is performed to show a direct correlation between the ISO 17799 configuration controls and the policy guides and procedures used to implement technology configuration controls. A report is developed identifying vulnerabilities based upon confidentiality, integrity, and availability, with a report card of identified risks prioritized in High, Medium, and Low order of importance based upon impact and criticality.

The FRAP (Facilitated Risk Assessment Process) is performed to identify and assess an organization's business and security risks. A summary report is generated with identified risks prioritized in High, Medium, and Low order of importance based upon the following assessments:

  • Asset Definition
  • Ownership and Control
  • Threat Identification
    • Threats
    • Vulnerabilities
    • Impacts
    • Probability
  • Common Threat Categories
    • Natural
    • Human
    • Environmental
  • Detection and Recovery
  • Technical Controls
  • Management Controls (Policy and Procedures)
  • Preventive Controls (Safeguards in place)
  • Operational Controls
  • Risk Mitigation
  • Cost-Benefit Analysis
  • Residual Risk
  • FRAP Reporting
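The FRAP steps above (threat identification with vulnerabilities, impacts and probability; controls; risk mitigation; cost-benefit analysis; residual risk) can be worked through as a small risk register. The following is an added example written for this page, not Seismo's tooling or the FRAP method as Seismo delivers it. It assumes a 3x3 probability-by-impact matrix with constructed thresholds, uses the annualized loss expectancy comparison (ALE = loss per event x annualized rate of occurrence) for the cost-benefit step, and flags controls that do not pay for themselves for the Acceptance of Risk sign-off mentioned under the deliverables below. The register entries are constructed sample data.

```python
"""FRAP-style risk register: rate each threat, re-rate it after its proposed
control (residual risk), and check the control for cost-effectiveness.

Added example, not Seismo's own code.  The rating thresholds, the ALE-based
cost-benefit rule and the sample register are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed qualitative thresholds: events per year -> probability level,
# loss per event (currency units) -> impact level.
def probability_level(aro: float) -> str:
    return "High" if aro >= 1.0 else "Medium" if aro >= 0.1 else "Low"

def impact_level(loss_per_event: float) -> str:
    return "High" if loss_per_event >= 100_000 else "Medium" if loss_per_event >= 10_000 else "Low"

LEVEL = {"Low": 1, "Medium": 2, "High": 3}

def risk_level(aro: float, loss_per_event: float) -> str:
    """Assumed 3x3 matrix: product of the probability and impact scores."""
    score = LEVEL[probability_level(aro)] * LEVEL[impact_level(loss_per_event)]
    return "High" if score >= 6 else "Medium" if score >= 3 else "Low"

def ale(aro: float, loss_per_event: float) -> float:
    """Annualized loss expectancy (textbook quantitative risk formula)."""
    return aro * loss_per_event

@dataclass(frozen=True)
class Control:
    name: str
    kind: str                       # Technical / Management / Preventive / Operational
    annual_cost: float
    residual_aro: float             # frequency after the control is in place
    residual_loss_per_event: float  # loss per event after the control is in place

@dataclass(frozen=True)
class Threat:
    asset: str
    owner: str                      # ownership and control
    category: str                   # Natural / Human / Environmental
    threat: str
    vulnerability: str
    review_element: str             # Confidentiality / Integrity / Availability
    aro: float
    loss_per_event: float
    control: Optional[Control] = None

@dataclass(frozen=True)
class Finding:
    asset: str
    threat: str
    review_element: str
    inherent: str                   # risk level before any control
    residual: str                   # risk level after the proposed control
    control: Optional[str]
    net_annual_benefit: Optional[float]
    needs_acceptance_signoff: bool  # no control, or control not cost-effective

def assess(t: Threat) -> Finding:
    inherent = risk_level(t.aro, t.loss_per_event)
    if t.control is None:
        # Nothing proposed: the owner must formally accept the inherent risk.
        return Finding(t.asset, t.threat, t.review_element, inherent, inherent, None, None, True)
    c = t.control
    residual = risk_level(c.residual_aro, c.residual_loss_per_event)
    benefit = round(ale(t.aro, t.loss_per_event)
                    - ale(c.residual_aro, c.residual_loss_per_event)
                    - c.annual_cost, 2)
    return Finding(t.asset, t.threat, t.review_element, inherent, residual, c.name, benefit, benefit <= 0)

def prioritise(threats: List[Threat]) -> List[Finding]:
    """Report-card order: inherent risk High -> Low, then residual risk."""
    order = {"High": 0, "Medium": 1, "Low": 2}
    return sorted((assess(t) for t in threats), key=lambda f: (order[f.inherent], order[f.residual]))

# Constructed sample register (not real client data).
SAMPLE_REGISTER = [
    Threat("Customer database", "CIO", "Human", "Ransomware via phishing", "No MFA, untested backups",
           "Availability", aro=0.5, loss_per_event=250_000,
           control=Control("MFA plus tested offline backups", "Technical", 40_000, 0.1, 30_000)),
    Threat("Data centre", "Facilities", "Natural", "Flood", "Basement location, no water sensors",
           "Availability", aro=0.05, loss_per_event=400_000,
           control=Control("Relocate racks to second floor", "Preventive", 120_000, 0.01, 400_000)),
    Threat("HR file share", "HR Director", "Human", "Unauthorised read by staff", "Open share permissions",
           "Confidentiality", aro=2.0, loss_per_event=5_000,
           control=Control("Least-privilege ACL review", "Management", 3_000, 0.2, 5_000)),
    Threat("Office printers", "IT Ops", "Environmental", "Power surge", "No surge protection",
           "Availability", aro=0.3, loss_per_event=2_000),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE_REGISTER):
        flag = "  ACCEPTANCE SIGN-OFF" if f.needs_acceptance_signoff else ""
        print(f"{f.inherent:6} -> {f.residual:6} {f.asset}: {f.threat} [{f.review_element}]"
              f" control={f.control} net/yr={f.net_annual_benefit}{flag}")
```

In the sample run the flood control is rated as not cost-effective (its annual cost exceeds the loss it avoids), so it lands on the Acceptance of Risk list even though it would reduce frequency; that is the distinction the Controls Cross-Reference Report draws between controls to implement and controls the owner signs off on.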

Seismo Advantage:
The SEISMO Enterprise System Assessment is a team approach that involves the organization's own business knowledge. We understand that you know your business better than anyone else.

By providing the very highest quality of security expert facilitators to manage the Enterprise System Assessment, a minimal amount of time is needed to develop and fine-tune a total business security assessment. Our highly streamlined process can often turn a 3 month FRAP project into a 5 day process.

SEISMO Enterprise System Assessments provide a total end-to-end solution with deliverables including:

  • Statement Of Risk (SOR)
    -Includes known risks, controls, review elements (Confidentiality, Integrity, Availability), probability, impacts
  • FRAP Gap Report (FGR)
    -Includes all threats identified, risk levels of threats, possible controls identified, High-Priority threats identified
  • Controls Cross-Reference Report (CCRR)
    -Includes each control identified with cross reference to an established standard (ISO 17799 or NIST 800)
    -Includes identified time-frame to implement controls
    -Includes Acceptance of Risk sign-off (for those controls which are not cost effective or assumed by owner)
  • Business Impact Analysis (BIA)
    -Includes identified business core values, objectives, and mission
    -Includes identified critical resources, business processes, and impacts
    -Includes identified controls required to meet organizational needs
  • Information Classification Identification (ICI)
    -Includes identified classifications of information according to established standards (ISO 17799 or NIST 800)
    -Includes identified implementation of ICI classification controls
    -Includes identified ICI controls required to meet organizational needs
  • Management Summary Report (MSR)
    -Includes Scope Statement, FRAP team member list, definitions, and controls cross-reference report

Seismo Services
  • SEISMO CLSRC (C-Level Security Report Card)
  • Attack and Penetration Testing
  • FRAP (Facilitated Risk Assessment Process)