Case Study: SaaS Software Company
Problem: A rapidly growing SaaS software had been asked by a large prospect to provide a description of the controls that were in place to protect customers’ data. While the company felt that they implemented good security practices they had no formal program or documentation to support it.
The scope of the cloud risk assessment included:
Kaliber undertook the project in the following phases:
Kaliber provided a set of deliverables established to both improve the security posture of the client as well as give comfort to their prospects and clients. This output included:
The outcome of this project was a comprehensive road map for a formal Information Security Management System which could be clearly communicated to outside stakeholders while, at the same time, providing a program which increased the organization’s risk and improved business outcomes.
Case Study: Government Agency
Problem: As part of their PCI compliance initiatives a large government agency was required to evaluate required PCI controls, identify missing controls, remediate deficient controls and ensure that existing controls remained effective.
The scope of the cloud risk assessment included:
The outcome of this assessment was provided in a strategic roadmap, containing a description of the changes necessary to comply with the PCI DSS and key risks and options for treatment. The report provided clear direction for next steps to achieve compliance.
Case Study: Non-Profit
Problem: As part of their continued participation in a health network a Healthcare Organization was required to provide a HIPAA-based Information Technology Risk Assessment.
The scope of the risk assessment included:
Classification of data within network
Kaliber’s approach for the risk assessment of IT systems and Cloud services is well defined, and uses a methodology based on industry best practice. The methodology is supported by recognized standards such as the ISO31000 (Risk Management); the ISO 27000 series; NIST Cybersecurity Framework and HIPAA. These were aligned with organizational specific risk assessment methodologies and frameworks.
Kaliber undertook the risk assessment in the following phases:
Kaliber prepared and released a questionnaire to stakeholders to understand the business uses of the IT systems and the data they stored.
Using this information as well as further information gathered through interviews, Kaliber undertook a Risk Analysis that aligned with the proper Risk Assessment frameworks.
The review also included a comprehensive analysis of the security controls inherent in the current environment and related regulatory issues.
The outcome of this assessment was provided in a Report that described the data classification, key risks and options for treatment. The report provided clear direction for risks and options for treatment in securing data in the current environment.
50 Franklin St.
3rd Floor
Boston, MA 02110