Documents
Please feel free to download any of these useful documents.
| Document | Description |
|---|---|
| The Peritus Way | The Peritus Approach to Information Security Compliance. |
| 201CMR17 Reprint | Reprint of new MA Information Security Regulation. |
| Compliance Checklist | 201 CMR 17.00 Compliance Checklist |
| Executive Order | Order regarding the security and confidentiality of personal information |
| 93H Sample Letter to Attorney General | 93H Sample Letter to Attorney General |
| 201 CMR 17 FAQs | Frequently Asked Questions Regarding 201 CMR 17.00 |
| Compliance Tips | Kurt Baumgarten quoted in SearchCompliance.com |
| Privacy laws: Leading the charge | Kurt Baumgarten quoted in SC Magazine |
| MA Battleground for Consumer Protection | Kurt Baumgarten quoted by Identity Theft 911 |
| Risks of Noncompliance | Kurt Baumgarten quoted by SearchCompliance.com |
| CVS HIPAA violation | Kurt Baumgarten quoted by SC Magazine |
| Microsoft's Patch | Kurt Baumgarten quoted by PC World Magazine |
Frequently Asked Questions
Frequently asked questions are part of the process when you first start thinking about security and how it impacts your daily operations. Peritus will take the time to answer any and all of the questions you might have.
What is ISO 27001?
ISO 27001 is a published and accepted standard that is meant to act as a model for implementing, operating, monitoring, reviewing, maintaining, and improving Information Security Management Systems. This impacts credit unions in a positive way because guiding security actions with ISO 27001 as a framework of reference will allow you to capture all of the needs for legislative security compliance. Peritus models its audit and assessment methodologies around ISO 27001 and is thus able to satisfy many requirements mandated by multiple compliance acts.

The team is made up of individuals with many years of experience in technology and information security. All compliance assessments and audits are reviewed and signed by a Certified Information Systems Auditor (CISA).
What if I am not in compliance?
If you are not in compliance, penalties and even imprisonment can result. Of course, it all depends on which act you are not in compliance with, but as a good example, GLBA stipulates that a credit union can be fined ten thousand dollars for each instance of non-compliance and officers can be imprisoned. However, the road to satisfying legislative requirements begins with due diligence, and getting started on building sound information security is relatively simple.
What qualifies Peritus to be my information security partner?
The Peritus team consists of individuals who have many years of experience in information security and technology. Our staff is capable of understanding diverse customer needs because we have worked closely with all types of customers. Whether the organization is small, medium, or large, Peritus tailors the approach to information security using sound industry principles. Our staff credentials include team members with the Certified Information Systems Auditor (CISA) designation, as well as Master's Degrees in Information Assurance (MSIA) from universities accredited by the National Security Agency (NSA). Peritus employees also hold many vendor certifications, such as the Microsoft Certified Systems Engineer (MCSE) and the Cisco Certified Network Engineer (CCNE), to name just a few. Keeping up to date with industry standards allows Peritus to understand today's technologies and security requirements on both a strategic and tactical level.
What is the difference between a risk assessment and an audit?
For clarification under ISACA and IFPA standards: the audit is a formal process performed by a qualified independent auditor. The audit generates a report viewed to represent a high assurance of truth. Audits are used in assessed reporting engagements.

Assessments are less formal and frequently more cooperative with the people or objects under scrutiny. The assessment report is viewed to have lower value (moderate to low) when compared to an audit. Assessments can include both outsider assessments and internal self-assessments. The true value of the assessment is to create a sense of ownership by the user. Assessments are excellent vehicles for training and awareness. The goal of an assessment is to help the user or staff work towards improving their score.

However, the audit is the score that actually counts for regulatory compliance purposes. Remember the basic control requirement is to separate the "worker" from the person providing "authorization" (separation of duties). Assessments are considered biased since the separation is not as clean as it would be under a formal independent audit.