Threat Vulnerability Assessment - Sarbanes Oxley Compliance Tool
The Threat Vulnerability Assessment Tool is one component of a series of HandiGuide® Tools that are used to assess threats and vulnerabilities associated with both physical and electronic locations. This process is mandated by Sarbanes Oxley and has been used by scores of our clients. Different businesses like credit cards, telecommunications and banks all strive to be Sarbanes Oxley compliant. Included in the tool is a detail work plan for managing the Threat & Vulnerability Assessment Process.
Sarbanes Oxley compliance requires enterprises to conduct a risk vulnerability and threat vulnerability assessment. The process concludes with a security vulnerability assessment.
A 3 page questionnaire should be completed for each physical location of the enterprise and for each business application and the location that the application/process is used. Sections of the Questionnaire Tool include the following:
- Demographics of each physical location,
- Access to each facility at each physical location,
- Environmental factors associated with each physical location,
- IT and business process at each facility,
- A risk ranking matrix with a scoring mechanism that looks at:
- Vulnerability as measured by probability of the threat occurring versus,
- The impact of the loss
- Rules for scoring the risk.
The tool comes in PDF, EXCEL (2003 and 2007), and WORD (2003 and 2007) formats that can be used directly, modified, or both.