Schedule a consultation today

Security Risk Assessments

The ability to manage significant risks effectively is one of the main characteristics distinguishing the most effective organizations from the rest. The challenges of global economic development make managing risk on an enterprise basis a crucial requirement. Establishing and maintaining a formal Security Risk Assessment process is a proven and demonstrable way of providing the necessary assurance and providing confidence to stakeholders. Institutionalizing a practical Security Risk Assessment program is important to support an organization’s business activities.

The Security Risk Assessment process is modeled on and measured against world wide best practice and international assessment standards and tailored to the Client’s specific needs, security challenges and requirements. At MSS we utilize the CARVER Methodology, an internationally recognized target analysis and vulnerability assessment methodology used extensively by the military, intelligence and law enforcement community and the Department of Homeland Security. This methodology aids us in determining which of your assets or systems are most at risk in order to prioritize remedial efforts and to keep it cost-effective.

(Master) Security Plan
Assessments & Development

A security plan or program should be risk-based and strategically aligned with the organization’s objectives. To effectively manage the risk to any organization the security program should not only be assessed on a regular basis but is ever evolving in order to address any deficits. Often the Security Program is an afterthought and poor implementation can drastically increase security expenditures.

The key to successful safety and security programming is a viable technology infrastructure and development and implementation of appropriate policies, the support of key administrators and the empowerment of professionally trained and equipped personnel. An effective Security Program should be bespoke and tailored to the specific needs of the organization but will also establish a balance between appreciating the organization’s culture and the safety and security of your staff and visitors. We work closely with our Clients to build a Security Program and will guide you every step of the way. Our programs provide cost-effective, prioritized solutions and multi-year strategies to advance our Client’s business objectives.

Security Policy
Assessments & Development

Security Policies and Procedures are the foundation of any Security Program in an organization. A well-written and implemented policy contains the necessary information on what actions must be taken to protect the people and property of an organization and contain guidelines for staff in the course of their job. It will additionally educate all levels of the organization on how they play a role in identifying potential threats so the risk can be assessed and a mitigation strategy developed.

Effective Security Policies and Procedures are not written in isolation but need the input from a variety of stakeholders; this not only during the development process but additionally during its implementation. We can either update your existing policies and procedures or assist you in creating new ones.

Schedule a consultation today

Security Audit
& Compliance

Security audits are needed no matter what business you are in. If you are dealing with customers’ information, healthcare details, or compliance guidelines then there is need to do a security audit on your business, process and overall security plans and policies. A security audit is a systematic evaluation of the security of a company’s operational system by measuring how well it conforms to a set of established criteria, it should be extensive and formal and looks at all aspects of an organization’s security rather than just analyzing the systems currently in place. It is different to a vulnerability assessment, which evaluates an organization’s infrastructure and identifies vulnerabilities (defective intrusion devices, system backups, access management, et cetera.). With the assessment results, the evaluator can suggest solutions to the problems within the system.

A security audit consists of both a technical and conceptual overview of an organization’s security systems and practices. Typically it should involve:

  • Determining oversights in Policy
  • Deficiencies in Compliance (Payment Card Industry Data Security Standard PCI DSS, Health Insurance Portability and Accountability Act HIPAA or Chemical Regulatory Compliance CRC OSHA et cetera)
  • Vulnerability Assessment
  • Physical Assessment
  • Review of Operating Procedures and Policies
  • Review of Crisis Management and Recovery Plans
  • Research and Design Processes and Controls

Policies, Compliance and Industry Standards
Review & Development

Having a workplace security policy is fundamental to creating a secure organization. No matter what area of business you are in and your company size, your business will benefit from having a security policy in place. A documented policy that outlines step-by-step procedures and designates responsibilities is your company’s first defense in preparing for and mitigating Risk, Crisis and Threat. Whether HR, IT, Compliance or Security Plan driven, it is also fundamentally necessary to keep all of your employees vigilant and aligned and identify how safety and security will be maintained and managed in the organization, Determining what policies and procedures you should have can be a daunting task for any executive. At MSS we can support you in reviewing current policies and assist in the development of applicable policies required by your organization and Industry.

  • Workplace violence
  • Bomb threats
  • Active shooter/Threat
  • Emergency Management Response
  • Employee Reporting
  • Key management and Other Access Control Devices
  • Acceptable Use Policy
  • Confidential Data Policy
  • Email Policy
  • Mobile Device Policy
  • Incident Response Policy
  • Network Security Policy
  • Password Standards Policy
  • Physical Security Policy
  • Tech and Data Sanitization Policy
  • Backup and Recovery Policy
  • Wireless Network and Guest Access Policy
  • Policy Acknowledgement Form
  • Security Incident Report Form
  • Notice of Policy Noncompliance
  • Account Setup Request
  • Guest Account Request
  • Request for Policy Exemption
  • Visitor policies and Procedures

6050 Stetson Hills Blvd #273
Colorado Springs, CO 80923
7887 East Belleview Ave, Ste1100
Denver, CO 80111, USA

+1 (719) 244-8776 | info@mercurialsec.com