EXECIA CONTROLS ASSESSMENT

About The Product

The ExecIA Controls Assessment product (ECA) has been developed to help your organisation understand how likely it is that your vital business information is kept accurate and available and is shared appropriately. Accurate, available information, when shared with appropriate people, helps your organisation to develop and improve. Missing or untrustworthy information, or information which is in the wrong hands, will damage your organisation’s reputation and its ability to meet business objectives.

Most organisations find it difficult to assess their information assurance risk because of the large number of factors involved and the absence of any clear baselines. Without knowing the risk, stakeholders won’t understand the issues and clear priorities can’t be set. The ECA product provides a simple, rapid process that will involve all stakeholders – including those from IT services, information security and executive management.

The ECA product is the result of ExecIA's many years of experience in helping organisations to understand and manage their information assurance risk. It is based on two internationally recognised standards: ISO/IEC 27002:2005 and ITIL. It also uses the capability maturity model (CMM), as deployed by COBIT, to determine where improvement is needed.

How It Works

The product uses a model that considers information assurance controls to fall into three basic types:
  • Strategic controls – these enable the organisation to align its information assurance to business and governance requirements.
  • Operational controls – these include the elements needed to deliver control effectiveness and efficiency.
  • Tactical controls – these are the fundamental building blocks of information assurance, often technical in nature.
Current and target capability maturity in information assurance strategy, operations and tactics is assessed by means of your answers to questions about 31 control areas. This can be done rapidly, by answering one question for each control, or through an in-depth study that answers several questions relating to each control.

What It Tells You

The product displays a number of reports showing current and target capability maturity levels, both overall and for each of the 31 control areas. It also shows the top ten priority control areas where the organisation should concentrate its efforts in order to improve its information assurance status. These are selected on the basis of the size of the gaps between current and target capability maturity, weighted according to whether the control is strategic, operational or tactical. The weighting is necessary because it is important (all other things being equal) that organisations put strategic controls in place before operational, and operational before tactical.

The product is also capable of displaying (where appropriate) how the organisation's current and target capability maturity relates to other standards, such as the UK Government's Information Assurance Maturity Model (CESG-IAMM).

(C) ExecIA LLP 2011