Professional Services
Governance, Risk and Compliance (GRC) consulting practice - to be launched in 2009
 Unencrypted CD containing bank account information missing
 Social security numbers and financial records found in dumpster
 Laptop stolen from car, containing unencrypted personal data
 Spreadsheets with confidential data exposed on public storage area

 HIPAA Security, GLB Act, Sarbanes-Oxley Act
 PCI DSS, NIST 800-53 & California SB-1386
 FACT Act, Canada PIPEDA, Canada PIPA
 UK Data Protection Act, EU Directive on Privacy
 Basel II, FSA
 
Compliantz Healthcheck
While our Compliantz software gives organizations the capability for self-assessment, we strongly recommend that an assessment also be undertaken by an independent external party at least once a year, so that internal collusion or fraud cannot go undetected. eFortresses or its partners can perform an on-site "healthcheck" in 5 days that reports on areas of non-compliance with the applicable regulations and recommends the actions needed to become compliant. This work is done at a fixed fee, which is rare to find these days.
 
ISO/IEC 27002:2005 Compliance
This code of practice has gained international acceptance as the most comprehensive best-practice framework available for information security management. eFortresses assists organizations seeking ISO/IEC 27002 compliance with value-added services, including:
 
  Gap Analysis / Compliance Roadmap
  Security Program Development
  Security Policy Development
  IT Risk Assessments
  Attack & Penetration Testing
  Network Security Architecture
  Incident Management - Security Breach Notification
  Computer Forensics
 
ISO/IEC 27001:2005 Certification
eFortresses offers 6-week to 6-month preparation service for organizations seeking ISO/IEC 27001 certification, including:
 
  Risk Management Framework development
  Risk Assessment & Treatment process
  Asset Register development
  Asset Classification & Control
  Readiness Assessment / Remediation Plan / Certification Roadmap
  Early Selection of Accredited Certification Body
  Scoping Exercise including Scope Document, Statement of Applicability development
  Regulatory Compliance Mapping
  Integration of the ISMS with COBIT, COSO, ITIL/ISO 20000, etc.
  Internal ISMS Audit: desktop review of documentation, control objectives and control evidence
  Information Security Forum development
  Preventive and Corrective Action Plan development
  Facilitation of ISMS Pre-Assessment, Stage I and Stage II Audits
  ISMS Maintenance, including corrective actions, continuous improvement, metrics and surveillance audits
 
 