Toronto-based Informatica Security has expanded its global service portfolio to meet the needs of smaller organizations with the broadest range of security assessment options available. With 86% of security breaches originating externally and over 75% targeting both small businesses and the non-profit sector, the focus has shifted to organizations that have traditionally been less prepared for hacking and privacy attacks.
Global firms in diverse industries and government agencies face the mounting pressures of compliance requirements and industry standards, designed to protect them, their clients and the public against the almost infinite variety of threats to information assets, financial risks and identity theft. Many organizations are required to simultaneously comply with multiple laws, standards and practices while regularly repeating audit procedures.
Most organizations find this process extremely resource-intensive, expensive and, in many cases, ineffective. Many fail their audits while others see inconsistent service levels from companies hired for their expertise in conducting information risk audits. Informatica’s president, Claudiu Popa, is one security and privacy expert who believes that the situation is not sustainable and that further pressure will make organizations less likely, rather than more likely, to become compliant. He said, “We are seeing both auditors and their clients skipping steps, failing to address critical risks and creating dangerous situations where a false sense of security leaves the organization open to attack and customers vulnerable to privacy and identity theft. This is absolutely unacceptable and we worked hard to ensure that our proprietary security assessment methodology addresses the situation.”
Not all security assessments are created equal
Informatica’s Verify methodology is designed to be applied to a vast number of situations, from global enterprises struggling to contain the costs of Sarbanes-Oxley audits to small retailers that need to comply with the evolving VISA PCI standard. Organizations around the world can register for an information security or privacy review (FlexSecure Verify Gold), a standards compliance audit (FlexSecure Verify Platinum) or a comprehensive threat and risk assessment (FlexSecure Verify Titanium). Each solution is based on a recurring model with recommended intervals of 3 to 12 months between assessments, although one-time assessments continue to be a popular choice for many organizations: “We find that companies come back every 6 to 12 months to conduct risk assessments, but they occasionally change the focus of the project from analyzing the risk of internal applications to gauging the physical security of their data centres. Our certified security experts are able to accommodate almost any situation, but we recommend adequate planning before any such undertaking to maximize effectiveness.”
Informatica Research experts estimate that between 20% and 50% of all information security assessments conducted in the industry today are ineffective due to improper planning, inadequate resources or unqualified auditors. The company works with management and internal audit or IT staff to properly plan and communicate the essential aspects of each project before it takes place. For organizations that do have qualified in-house personnel, Informatica Security offers a version of FlexSecure Verify that can be completed jointly with its security experts, leading to significant savings in both cost and time.
World-class information security assessments and compliance audits
The FlexSecure Verify family of recurring audits and assessments is the only service line based on 15 years of diverse best practices and industry standards-based business assessments, product testing and policy audits. As Informatica’s flagship service, Verify helps dozens of organizations protect themselves and their client base each year, with a methodology designed to uphold industry standards such as ISO17799, SysTrust, PIPEDA, Sarbanes-Oxley, GLBA, FISMA, HIPA, PHIPA and any other risk-based compliance requirement. Verify engagements are complemented by detailed reports and presentations on the security posture of products, networks, systems, Websites and/or applications.
FlexSecure Verify is the combined work of certified Informatica professionals and best-of-breed technology. Different types of Verify engagements address the business risk requirements of today’s organizations: internal security audits, external vulnerability assessments and process reviews, which include policy and procedures analysis, data retention and business continuity planning.
About Informatica Corporation
Toronto-based Informatica Corporation (informaticasecurity.com) is a renowned information risk consulting leader. Over the past 18 years, Informatica has provided consulting, analysis, implementation and training solutions to SME and enterprise clients in diverse sectors and world regions. Informatica clients include financial organizations, government, non-profit organizations, services, manufacturing and health organizations.
The Informatica group of companies offers diversified security solutions including published research, emerging threat analysis, corporate risk strategy, security project management, corporate training and security awareness certification for all corporate employees. Informatica also offers best-of-breed commercial products.