Security and Compliance

An ISMS (Information Security Management System) enables an organization to systematically operate its management system for information security. By establishing the ISMS, the organization can determine the necessary security level, draw up plans, and distribute its assets based on its own risk assessment, in addition to applying technical countermeasures against each individual issue.

Most organizations today are faced with industry regulations. Whether you are in retail, financial, healthcare or another industry, you will face an industry standard at some point. ECI Networks identifies areas in organizations where they are not compliant, and works with management to remediate the areas of noncompliance.

EMS Audit and Compliance is comprised of and built upon security regulations, standards, and frameworks. Whether complying with the Payment Card Industry (PCI) Data Security Standard (DSS) or NERC CIP, ECI has the knowledge and skills to get the job done quickly and efficiently. We cover audits for PCI, Privacy, NERC CIP, ISO 27001, HIPAA, TR-39, SAS 70, SOX, and GLBA, to name a few.

The security controls that have been rigorously implemented inside a company’s enterprise must also be extended to the cloud. Understanding the security landscape is critical to your business. Putting those assets in the hands of a third-party provider warrants proper due diligence from management on down, as does how you, the business, manage your deployment.

Understanding how your data flows through the environment, where it is stored, and how it is segmented is an important step to take before actually beginning to utilize cloud offerings. By clearly defining this, you can start to map out controls for protecting your data as well as detail which party is responsible for enforcing that control.

One way to determine the effectiveness of existing controls and what controls are missing is to perform an audit against either FedRAMP or the Cloud Security Alliance’s defined security controls matrix. The Federal Risk and Authorization Management Program (FedRAMP) was developed to provide a standardized approach to assess, authorize, and monitor cloud services and products. Similarly, the Cloud Security Alliance (CSA) has defined the Cloud Controls Matrix (CCM), which is designed to assist in assessing the overall risk of cloud services. This framework is built on proven industry security standards such as ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP.

By aligning with these frameworks, ECI Networks works with organizations to determine and establish the right security controls. We understand the technical infrastructure, and we have the knowledge to assist in both the technical and administrative aspects of security controls and documentation requirements.

Copyright 2014 ECI Networks