|
The Level 2 assessment provides organizations who conduct internally managed e-commerce or Internet banking operations with a comprehensive on-site assessment and network vulnerability test. The assessment gauges an organization’s level of vigilance and compliance with federal regulations that govern the safeguarding of corporate information assets.
The Level 2 assessment includes access to the QuietAudit online assessment tool and reinforces it with in-person compliance and awareness interviews with an organization’s key staff members (typically five to ten IT, security, and compliance personnel). These steps are followed by a remotely delivered scan of the client's perimeter network devices such as the firewall, Web server, e-mail server, etc. to mitigate vulnerabilities and stave off potential attacks. Typically, four to six IPs are sample tested.
The Level 2 assessment’s deliverable includes a comprehensive findings report that addresses the outcomes associated with ISO 27002 security standards and dissects the network’s strengths, weaknesses, and vulnerabilities. It also makes recommendations for corrective action. Level 1 can be re-purposed to assist in maintaining or pre-qualifying for certain forms of network liability insurance.
|
