Brochure
 
QuietAudit
Automated Cyber Risk Self-Assessments
QuietAudit® (QA) is a web-based automated ‘customer self-assessment’ service based on the ISO 27002 security standard and other best practices. The service produces a ‘summary score card’ deliverable for businesses and financial institutions that seek to gauge their level of network safety, or simply to reaffirm and document their solid security posture. This service provides an efficient approach to self-assessing for a baseline level of due-care network security and privacy measures.

Manage Your Own Network Risk
Our goal is to provide insured customers with the tools they need to assess and help themselves.

Efficient & Cost Effective: QA is a practical, cost-effective approach that allows companies and their underwriters to identify cyber risk exposures so steps can be taken to reduce the ultimate frequency and severity of network-oriented losses.

ISO 27002 scope, plus more: provides a diagnostic analysis of network security management, disaster recovery planning, privacy compliance and other network-based risk exposures that could negatively impact balance sheets from both first-party and third-party liability risk vantage points. We also build in recommendations provided by FFIEC and other organizations.

The system provides a user-friendly, automated process to assess people, processes and technology.

The scope of the assessment provides a panoramic ‘snapshot’ of various types of network-based risk. E-Risk testing categories include:

• Current events (e.g. recent laws and new risk exposures)
• Security policy
• Security organization
• Asset classification and control
• Personnel security
• Physical and environmental security
• Computer and network management
• System access controls
• System development and maintenance
• Business continuity planning
• Security compliance
• Internet liability (website based intellectual property infringement)
• Privacy and regulatory compliance
• Records Information Management Practices (based on the ISO 15489 standard developed by a partner, ARMA, www.arma.org)
• FBI top network threats & recommendations
• Compliance modules (e.g. GLBA 501b, HIPAA, and more)
Our approach is designed to extract critical information related to network security management and to verify that due care standards, including baseline safeguards, are in place.

A Solid First Step
The NetDiligence® cyber risk assessment approach helps financial institutions comply with the spirit of regulations such as GLBA 501b and allows businesses to mitigate their threats and reduce the likelihood of incurring network and information-oriented losses.
 
 
   