Risk Assessment

Risk Assessments



Physical risk assessments

As we constantly implement new technology to make life, business, health, and communication easier, we tend to forget that physical information still exists. Whether it is being currently used or stored due to legal requirements, the potential for a breach continues to exist.

IDTSOA has performed many assessments thru all types of organizations and the most common mistake we see is the “mundane.” To often organizations implement new methods of business, employees attempt to keep up and the hard copy and physical files slip our mind.

IDTSOA can provide your organization a fresh perspective on the liability that lies all around you. Certified Identity Protection Advisors (CIPA) look for the following:

  • How are current files stored?
  • Where is out dated information stored?
  • Who has access to these files?
  • Are the locations secured from outsiders?
  • What are your retention and destruction rules?
  • Plus many more areas…

Most importantly we provide a written assessment of your entire organization of what your most important vulnerabilities from a data breach or identity theft are.


Electronic risk assessments

In today’s business environment, people rely on technology to act as the tool to communicate, store, and share information. As important as a physical assessment is, it is more important to assess the risk associated with using today’s technology. We ‘believe’ that our information is secure, however we have no physical evidence.

IDTSOA has a comprehensive and competitively priced electronic assessment tool that allows for standardized information security assessment testing. It is designed to reduce the time of scope development, the overhead of on-site techs, and the time spent in data aggregation and reporting.

The information security assessment is tailored to the specific environment in an
efficient manner, and is set-up to provide “useful” reporting specific to real issues
identified, not just a collection of “best practices”.
The assessment provides a report of the following:

  1. Controls-Based Risk Analysis
  2. Internal Vulnerability Assessment (IVA)
  3. External Vulnerability Assessment (EVA)

The report is broken into 2 main segments:

1. Executive Level
The Executive report is designed to give a quick overview summary of the different areas tested.

2. Technical Level
The technical level report includes controls based risk analysis overview, specific areas of “gap” identified, and detailed recommendations to fill gaps with needed controls. It is tailored to information classification/criticality levels and is immediately actionable and easily understood.
In addition to the controls-based risk analysis, the technical report includes the results of the IVA and EVA. Identified issues are sorted by criticality priority, and include a full description of the problem in addition to mitigation steps and external links (where available).