Site security assessment

For maximum protection, your information security controls rely on physical security controls that may or may not be within your organization's management control.

IBM's Site Security Assessment provides you with an in-depth review of the site security controls and processes used at your site or throughout your enterprise.

This review will be conducted against your corporation's security standards, established IBM procedures and guidelines and a standards-based "best practices" baseline.

Social engineering infiltration testing can also be included.

The goal is to help you achieve a secure working environment for employees and other persons working at or visiting your facilities and to help you establish processes to ensure the protection of intellectual assets and protection of all site facilities.

In order to ensure a consistent assessment which can be used repeatedly to measure changes over time, the consultants will use as their model both IBM's own internal site security standards and a standards-based "best practices" model. The review is designed to take approximately two weeks for a typical location and will determine if:

• Procedures have been implemented to ensure a secure business environment for all employees and other persons working in your facilities,
• Emergency plans covering anticipated emergencies and catastrophes have been established, and plans adequately address the protection of people and assets,
• Procedures have been implemented to report and analyze security incidents, bring them to closure, and prevent reoccurrence,
• There are effective management processes to protect proprietary information and assets from unauthorized disclosure, modification or misappropriation, and
• There is a process in place to provide management with a validation that the security controls within the scope of this engagement are operating effectively.

Service covers:

• A review of your organization's IT site security processes and related documentation in the following areas: physical security, emergency planning, incident management, contract management, and information protection
• An analysis of the information from interviews with key managers and process owners against your corporation's standards, IBM's own internal standards and a standards-based model of "best practices"
• A final report detailing observations and recommendations made during the review, and a management presentation outlining identified strengths and weaknesses relating to site security processes and procedural compliance.

Price:
The contract amount for IBM's Site Security Assessment typically ranges from $20,000 to $70,000. Taxes and applicable travel and living expenses are extra.