GOVERNANCE, RISK AND COMPLIANCE

Merlin approaches governance and compliance by combining risk and compliance evaluations with incident and event management. We perform risk evaluations by implementing red-team assessments that combine national threat and vulnerability information with data collected and discovered through onsite testing activities to provide tailored risk analysis reports with actionable remediation recommendations prioritized by risk. Our broad service capabilities range from network (wired and wireless) mapping and system characterization, to database scanning and review, to malicious code analysis.

Merlin performs compliance assessments based on a variety of compliance mandates, including those defined by the DoD and Intelligence Community, NIST, FISMA, and commercial governance, risk, and compliance frameworks (GLBA, SOX, HIPAA, ISO and COBIT).

Merlin uses the Security Information and Event Management (SIEM) infrastructure to provide end-to-end management of security issues by defining processes to follow with supporting policies and procedures; assigning roles and responsibilities; having appropriate equipment, infrastructure, tools, and materials available; and having qualified staff trained to perform the work in a consistent, high-quality, and repeatable way. SIEM is an administrative function of managing and protecting computer assets, networks and information systems. Incident management methodologies must define and enforce standardized workflows and activities for tasks such as identifying, logging and categorizing problems, and escalating incidents.

Affordable Risk-based Security by Automating Analysis of Threat Intelligence