Customer Definition of an Assessment

by Sean Martin.

	Tweet
Share	\|

Homepage | Submit your article | Contact | TOS

More articles on management

You are here: Categories » Business » Management

A critical first step for an assessment project is to come to a common understanding on what composes an assessment. Often you have to spend a great deal of time with potential customers just defining what they are looking to accomplish with the “assessment” process.The term assessment has been used loosely for years to describe everything from an audit to “attack and penetration” testing. NSA has broken up what has been traditionally called assessments into a threephase, top-down approach.

1. Assessment The assessment is an organizational-level process that focuses on the nontechnical security functions within an organization. In the assessment, we examine the security policies, procedures, architectures, and organizational structure that are in place to support the organization. Although there is no hands-on testing (such as scans) in an assessment, it is a very hands-on process, with the customer working to gain an understanding of critical information, critical systems, and how the organization wants to focus the future of security.

2. Evaluation The evaluation is a hands-on technical process that looks specifically at the organization from a system/network level to identify security vulnerabilities that exist in those systems and can be mitigated through technical, managerial, or operational means. Evaluations are often confused with assessments.The IAM specifically focuses on the assessment, but elements of evaluations can be included in the IAM process. NSA calls this a Level 1+ assessment.This includes doing technical analysis of the firewalls, intrusion detection systems, guards, and routers. It may also include some basic vulnerability scans of the customer’s networks. In addition, the IAM process provides excellent information that leads into future evaluations.

3. Red teaming Red teaming, often called attack and penetration testing, is a process whereby someone imitates an adversary looking for security vulnerabilities to make it easy to break into a system or network.This is often called the low-hanging fruit because these vulnerabilities are the easiest means into the customer network.

Leave a comment or ask a question

Total comments: 0

Disclaimer

The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue

The Four Management Initiatives - For many enterprises, the challenges have been met by pursuing four management initiatives: 1. Provide systematic and comprehensive knowledge management distributed widely thro (more...)

Successful Leadership Made Easier - One can come up with a lot of ways on how a leader can be successful; however, I suggest it can be boiled down to 6 things. In order for a leader and their followers to be assured of success they (more...)

Sustaining Service Quality Performance - An essential element in sustaining a vibrant service quality culture is for staff to repeat successful service performance consistently into the future. The top service quality leaders use the inva (more...)

The 7 Proven Communication Steps to Improve Customer Service Performance - Here is a common challenge that leaders encounter: An employee's overall performance is solid. However, the employee is not using one particular skill or set of skills necessary to deliver high-qua (more...)

7 Trade Show Secrets on How to Create a Stand Out Booth - Trade shows can be a wonderful source for developing a supply of new leads for your sales cycle. If you are new to the trade show circuit however; beware of jumping right in without doing some ho (more...)

Brief Description of contract manufacturing - An organization capable of manufacturing or purchasing all the components that needed to produce a finished device or product. It involves the process of making of subcomponents or products for o (more...)

Corporate Events Management In The Benelux Countries - When it comes to corporate events, those holding their meetings in Belgium, the Netherlands or Luxemburg are spoilt for ideas. With centuries of history and culture, outstanding sports and leisur (more...)

Buying and Selling Used Office Furniture Saves Your Business Money - Buying the new furniture is not always a good decision every times. It's sometime better to use used furniture which is in good condition & save assets. Looking to cut your expenses a (more...)

Art Management Career Outlook - As knowledge of the arts and other cultural activities grow in abundance in subsequent years, the entertainment industry evolves along with the rise of many forms of art and other kinds of amusemen (more...)

Art Management Job Description - Becoming an Art Manager They go under different names. You may call them artists' representatives, agents, managers or consultants. Under all these titles the art management job description (more...)

free content

Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.