Threat Vulnerability Assessment - Sarbanes Oxley Compliance Tool
The Threat Vulnerability Assessment Tool is one component of a series of HandiGuide® Tools that are used to assess threats and vulnerabilities associated with both physical and electronic locations. This process is mandated by Sarbanes Oxley and has been used by scores of our clients. Businesses in sectors such as credit cards, telecommunications and banking all strive to be Sarbanes Oxley compliant. Included in the tool is a detailed work plan for managing the Threat & Vulnerability Assessment Process.
Sarbanes Oxley compliance requires enterprises to conduct a risk vulnerability and threat vulnerability assessment. The process concludes with a security vulnerability assessment.
A 3-page questionnaire should be completed for each physical location of the enterprise, and for each business application together with the location where that application or process is used. Sections of the Questionnaire Tool include the following:
- Demographics of each physical location,
- Access to each facility at each physical location,
- Environmental factors associated with each physical location,
- IT and business process at each facility,
- A risk ranking matrix with a scoring mechanism that looks at:
  - Vulnerability as measured by probability of the threat occurring, versus
  - The impact of the loss
- Rules for scoring the risk.
The tool comes in PDF, EXCEL (2003 and 2007), and WORD (2003 and 2007) formats that can be used directly, modified, or both.
Modern organizations have a huge challenge on their hands, on a scale unlike anything they have seen. They must “secure” the organization in the face of increasing complexity, uncertainty, and interconnection brought about by an unprecedented reliance on technology to accomplish their mission. They must also stay mindful of the regulations as legislators discover the importance of security. Some of the challenges that organizations must overcome to be successful in this environment are based on the roles that individuals within the enterprise play.
These job descriptions define ways in which a change in responsibilities is the impetus for an emerging mission-driven approach to security.