Optiv Security, the world’s leading security solutions integrator, today announced “Assessments@Optiv,” a comprehensive portfolio of assessment services designed to help organizations rationalize infrastructure, optimize operations, and build risk-centric cyber security programs that are manageable, measurable and effective. Assessments@Optiv addresses every aspect of security and risk, with strategic guidance to help organizations prioritize the assessments that best fit specific business needs.
“Assessments are an essential building block in every client’s security foundation, but with the constantly growing list of cyber threats, regulations, and vendor security solutions, the traditional method of simply ‘checking every assessment box’ is ineffective and often becomes a waste of time and resources,” said Stu Solomon, chief technology and strategy officer at Optiv. “With†Assessments@Optiv, we are taking a different approach. We start by understanding the client’s unique business needs and then take inventory of their current security programs. By partnering with a client in this way, we can develop an optimal and focused security program reflective of specific businesses requirements. This typically results in an optimization of current security investments, a higher degree of security efficacy, meaningful prioritization of future security program activities, and the ability to report on the effectiveness of security investments to the board. Our objective is really to help our clients create clarity out of the security chaos.”
Solomon explained that conducting the right set of assessments is crucial to producing the information needed to make better decisions about technology procurement and rationalization, operations and process optimization, and enterprise risk management. This also breaks companies out of the failed “outside-in” security model where budget decisions are dictated by external influences, factors, threats, and regulations, and replaces it with the risk-centric “inside-out” model where cyber security decisions are based on a foundation of each company’s unique business requirements, and strategic enterprise risk management.
Assessments@Optiv provides clients with access to more than 60 assessments, organized across all major industry frameworks, and security initiatives – from architecture and implementation, attack and penetration, and enterprise incident management to appsec, strategy, risk and compliance, and identity and access management. While typical industry assessments tend to center on regulatory compliance and gap analysis, Assessments@Optiv dramatically expands this ecosystem to include the following areas that can be customized with an assessment lifecycle to fit specific enterprise needs:
- Technology and architecture:†Based on wide-ranging expertise across the IT security product ecosystem, Assessments@Optiv includes proof of concept, technology stack optimization, product tuning and health, and best practice deployments.
- Regulatory requirements:†Assessments@Optiv supports compliance with all key regulations, including SOX, GDPR, PCI, HIPAA/HITECH, NY DFS and more.
- Security frameworks and standards:†Assessments@Optiv provides comprehensive risk assessments across all major industry frameworks, including NIST CSF, COBIT, ISO, CIS Top20 and HITRUST.
- Security operations:†Optiv is able to assess security operations effectiveness whether operations are internal, in the cloud, or through a third-party managed security services provider.
- Security threats and strategy:†Optiv’s advanced threat intelligence and strategy services provide context and real-world examples for client assessment activities.
- Business alignment and security program effectiveness:†Optiv provides templates and language that make it easy to communicate security assessment action items and deliverables to key stakeholders.