Customer Definition of an Assessment

written by: Sean Martin; article published: year 2008, month 01;




A critical first step for an assessment project is to come to a common understanding of what constitutes an assessment. Often you have to spend a great deal of time with potential customers just defining what they are looking to accomplish with the “assessment” process. The term assessment has been used loosely for years to describe everything from an audit to “attack and penetration” testing. NSA has broken up what has traditionally been called assessments into a three-phase, top-down approach.

1. Assessment: The assessment is an organizational-level process that focuses on the nontechnical security functions within an organization. In the assessment, we examine the security policies, procedures, architectures, and organizational structure that are in place to support the organization. Although there is no hands-on testing (such as scans) in an assessment, it is a very hands-on process, with the customer working to gain an understanding of critical information, critical systems, and how the organization wants to focus the future of security.

2. Evaluation: The evaluation is a hands-on technical process that looks specifically at the organization from a system/network level to identify security vulnerabilities that exist in those systems and can be mitigated through technical, managerial, or operational means. Evaluations are often confused with assessments. The IAM specifically focuses on the assessment, but elements of evaluations can be included in the IAM process. NSA calls this a Level 1+ assessment. This includes doing technical analysis of the firewalls, intrusion detection systems, guards, and routers. It may also include some basic vulnerability scans of the customer’s networks. In addition, the IAM process provides excellent information that leads into future evaluations.

3. Red teaming: Red teaming, often called attack and penetration testing, is a process in which someone imitates an adversary, looking for security vulnerabilities that make it easy to break into a system or network. These vulnerabilities are often called the low-hanging fruit because they are the easiest means into the customer network.
