Overview

Security Assessment reviews security policies and procedures to determine whether they are adequate for addressing security threats, culminating in a report of findings and recommendations that you can implement to align your policies and procedures with your company’s security strategy.

Security Assessment Steps

  • Determine the scope of assessments to be performed.
  • Establish a prioritized assessment schedule.
  • Identify and gather required skills and tools.
  • Create an assessment implementation plan.
  • Review system documentation, including system configuration documents and system log files, to determine expected security configuration and capabilities of the system.
  • Identify and analyze the target system through investigative techniques that include network foot-printing, port and service scanning, and vulnerability assessment.
  • Validate vulnerabilities that may be discovered through techniques that include penetration testing, password cracking and social engineering.
  • Review validated assessment findings to determine the risk and cost impact on the organization.
  • Create a final report outlining the findings of the assessment.

Security Assessment Benefits

  • To guide IT management in the responsibility to safeguard assets and data under its control
  • Corporate management and boards often mandate security policies that IT must implement
  • Ensure adherence to corporate and regulatory compliance
  • To minimizes financial, operational, and legal exposure
  • To Ensure that necessary security controls are integrated into the design and implementation of a project
  • To provide documentation outlining any security gaps between a project design and approved corporate security policies