About ACE’s Information Security Assessment Service - Your Friendly Neighborhood Security Auditor

This is Gerard Morisseau, Senior Program Manager for ACE’s Information Security Assessment Services (ISAS). ISAS offers several security assessment services aimed at helping Microsoft IT and the business assess their information security risks, improve controls environment, and strengthen their information security management systems. Our most popular services include Information Security Risk Assessment, Controls Assessment Training and Vendor Security Maturity Assessment. These services are based on the ISO/IEC 27002:2005standard, an internationally recognized framework for managing information security management programs.

The Information Security Risk Assessment service is designed to help organizations identify, evaluate and prioritize risks to their critical information assets. The service also helps organizations develop remediation plan based on risk prioritization model. The goal of this service is to ensure that clients are managing their information assets in a manner not only consistent with Microsoft security policies and standards, but also with industry best practices.

The Vendor Security Maturity Assessment provides managers with great insights into third parties’ ability to secure and maintain the confidentiality, integrity and availability of hosted information assets. This service also helps ensure that third parties are managing information assets in a manner not only consistent with established security policies and standards, but also with industry best practices.

These services are now available to Microsoft customers and partners interested in assessing information security risks in their environment or at third parties hosting their information assets.

ISAS also include services to help prepare organizations interesting in obtaining their ISO 27001 Certification.

Watch my podcast “Infrastructure Security Assessments” where I describe our risk models and I also talk about how we how identify security maturity levels in different environments inside and outside of Microsoft. Feel free to contact us if you have any questions or comments.

-Gerard Morisseau

Senior Program Manager

ACE Team - Infrastructure Security