Hosted by AT&T and powered by AT&T ICDS.

Assessment and Compliance

The Business Challenge

The increased frequency of security incidents, including well-publicized breaches, has resulted in new legislation at both the federal and state levels, including the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley. Each of these regulations holds organizations accountable for the protection of private information and requires risk assessments as one component of an effective security program. The challenge for IT is to develop such a program in close partnership with the lines of business. There are also financial motivations for compliance: firms with superior IT governance have more than 25% higher profits than firms with similar strategic objectives that lack such governance.

The AT&T Solution

Establishing a security baseline is an essential first step in understanding your posture relative to risk. AT&T Consulting Solutions includes Vulnerability Assessment and Penetration Testing offerings for a comprehensive, independent and objective analysis. Our consultants simulate real-world attacks against your organization's technology infrastructure. They also identify vulnerabilities in your network infrastructure and develop a remediation action plan tailored to your unique business requirements and security needs.

Armed with the assessment results, what is needed next is a framework for measurement and recommendations. ISO 17799 has emerged as the most widely recognized information security standard in the world. We have developed a proprietary benchmark service which combines the value proposition of ISO 17799 with the well-accepted Security Capability Maturity Model, based upon COBIT. This allows us to map your organization's current and goal states to ISO 17799 using CMM as the yardstick. Our deliverable provides a comprehensive report, including a "dashboard" of compliance achievements and gaps, maturity stages, and severity. We make specific recommendations which:

  • Take into consideration your risk profile
  • Estimate the risk reduction and cost to put that measure into place
  • Are consistent with regulatory, legal, and policy drivers
  • Are validated for consensus with key stakeholders, and
  • Are aligned with the overall strategic security roadmap

Solution Benefits

  • Provides an independent and objective security baseline
  • Validates current security controls, processes, and organizational security program management against relevant best practices
  • Accelerates security program sponsorship and funding by providing a summary dashboard and executive analysis

Services Summary

  • Security—Vulnerability Assessment / Penetration Testing
  • Security—ISO 17799 Security Benchmark
