[Figure: "CISO Job" mind map. The node labels recovered from the image are outlined below, grouped by the branch headings legible in the figure.]

CISO Job

- Business Enablement
  - Mergers and Acquisitions: Acquisition Risk Assessment; Integration Cost
  - Cloud Computing: Identity Management; Cloud architecture; Strategy and Guidelines; Cloud risk evaluation; Compliance; Ownership/Liability/Incidents; Vendor's Financial Strength; SLAs; Infrastructure Audit; Proof of Application Security; Disaster Recovery Posture
  - SaaS Strategy: Application Architecture; Integration of Identity Management/Federation/SSO; SaaS Policy and Guidelines
  - Mobile Technologies: Policy; Technology; Lost/Stolen devices; BYOD
  - Processes: HR/On Boarding/Termination
  - Business Partnerships
  - Business Continuity and Disaster Recovery
  - Budget: ROSI; Security Projects; FTE and contractors
- Project Delivery Lifecycle: Requirements; Design; Security Testing; Certification and Accreditation
- Security Architecture: Network Segmentation; Application protection; Defense-in-depth; Remote Access; Encryption Technologies; Backup/Replication/Multiple Sites; Cloud/Hybrid/Multiple Cloud Vendors
- Compliance and Audits: PCI; SOX; HIPAA; SSAE 16; Regular Audits
- Legal and Human Resources: Data Discovery; Vendor Contracts; Investigations/Forensics
- Security Operations
  - Threat Prevention: Network/Application Firewalls; Vulnerability Management; Identity; Information Security Policy; DLP; Anti Malware; Proxy/Content Filtering; Patching; DDoS Protection; Hardening guidelines; Desktop security; Encryption, SSL
  - Threat Detection: Log Analysis/correlation/SIEM; Alerting (IDS/IPS, FIM, WAF, Antivirus, etc.); Netflow analysis; DLP
  - Process chain: Scope -> Identify -> Classify -> Mitigation -> Measure
- Application Security: Application Development Standards; Secure Code Training and Review; Application Vulnerability Testing; Change Control; File Integrity; Web Application Firewall; Integration to SDLC and Project Delivery
- Identity Management: Credentialing; Account Creation/Deletions; Single Sign On (SSO, Simplified sign on); Repository (LDAP/Active Directory); Federation; 2-Factor Authentication; Role-Based Access Control; Ecommerce and Mobile Apps; Password resets/self-service; HR Process Integration
- Risk Management: Physical Security; Vulnerability Management; Ongoing risk assessments/pen testing; Integration to Project Delivery; Code Reviews; Risk Assessment Methodology; Policies and Procedures; Associate Awareness
- Data Centric Approach: Data Discovery; Data Classification; Access Control; Data Loss Prevention (DLP); Partner Access; Encryption/Masking; Monitoring and Alerting
- Incident Management: Incident Response; Media Relations; Investigation Readiness; Incident Forensics
  - Data Breach Preparation: Update and Test Incident Response Plan; Set leadership Expectations; Media Relations; Business Continuity Plan; Forensic and IR Partner; Insurance Policy; Adequate logging