ISO Training & Support

Security is an ongoing process, and the condition of an organization's controls is just one indicator of its overall security posture. Through InfoSight's ISO Training & Support Services, InfoSight will assist your information security officer (ISO) in ensuring that an appropriate information security program is in place.

Our ISO program focuses on:

  • Security process
  • Information security risk assessment tools
  • Information security strategy development
  • Security controls implementation
  • Security monitoring program development
  • Security process monitoring and updating
  • Security reporting

InfoSight will help to identify, implement and oversee the information security goals, objectives and metrics consistent with the organization's strategic business direction, and compliance requirements such as GLBA, BSA/AML, FFIEC, PCI-DSS, HIPAA and others. Our service will assist your ISO with industry best practices and regulatory requirements as well as help support future growth and strategic technology initiatives.

InfoSight's ISO program includes, but is not limited to:

  • Determine, with the organization's Senior Management team and ISO, the acceptable level of information security risk and/or the related risk assessment as currently identified in the organization's Information Security Program.
  • Provide recommendations for appropriate risk management practices and recommendations for mitigation strategies.
  • Provide oversight and guidance to the ISO team and management.
  • Review the information security program and policies to ensure they meet the requirements of the organization and all regulatory requirements, and make recommendations where appropriate.
  • Provide guidance to the ISO and management to ensure the appropriate security controls are in place for the review of critical vendor financial stability, performance and internal controls (SSAE16).
  • Provide guidance to the ISO and management to ensure the appropriate security controls are in place for the acquisition, development, operation, and maintenance of the company's information systems.
  • Provide guidance to the ISO and management to ensure the appropriate processes are in place for the delivery of a Security Awareness training program.
  • Review outstanding audit and exam findings with the ISO to ensure a plan is in place to mitigate any findings.
  • Provide guidance to the ISO and management to ensure the appropriate security controls are in place for the incident response and crisis management plans.
  • Work closely, if requested, with the company's senior management team to prioritize security initiatives and budgeting based on an appropriate risk management methodology.
  • Provide guidance to the ISO on the compilation and production of the annual information security report for the company's senior management and board of directors.
  • Provide guidance to the ISO and management to ensure the appropriate security controls are in place for end user entitlement reviews.
  • Provide guidance to the ISO and management to ensure the appropriate processes are in place for internal and external vulnerability assessments of the company's data networks to evaluate the vulnerability management program.
  • Provide guidance to the ISO and management to ensure the appropriate processes are in place for vulnerability, penetration, and social engineering testing.