Three Spheres Review
B & A Three Spheres Review
Baretzky & Associates works with organizations to perform an independent, high-level assessment of their corporate security posture in order to understand their existing information security technology and business process controls. During the review, Baretzky & Associates employs a risk-based approach, The Three Sphere of Influence Security Assessment, to assess the current security framework and security posture of the organization.
The Three Spheres of Influence Security Assessment approach is fashioned after control frameworks found in ISO, Cobit, and NIST. Using the Three Spheres of Influence assists in focusing the assessment across a concise grouping of enterprise-wide defense in depth components. The information collected is used to determine any missing controls and make recommendations for areas of action. These recommendations are designed to provide security requirements and solutions that may be used to achieve a more robust information technology security framework.
Baretzky & Associates begins the information gathering process by interviewing select individuals and by reviewing appropriate documentation. We bring decades of assessment experience and a keen understanding of the specific technologies deployed in the customer’s environment. Throughout the review we develop an understanding of the information security management configuration, including information security responsibilities, security governance, security policies, security controls, security operations, security monitoring and follow-up procedures.
As an output from the assessment, Baretzky & Associates creates a report to highlight the key findings and provides remediation recommendations.
The finalized package includes:
- Executive Summary
- Gap Analysis
- Detailed Roadmap
- Targeted Action Plan
- Customized Presentatio