We offer security assessments in both deep and rapid formats. As the name would suggest, the “deep” assessment involves a deeper level of analysis with more questions and more follow-up interviews on any given domain than the rapid assessment. Typically, a deep assessment will also involve more Security Architects Partners-driven tasks (consultants performing interviews) and fewer client-driven tasks.
We’ll work with each client to determine what level of depth and project methodology make the most sense for their situation and budget: a full assessment, a partial full assessment, or rapid/deep domain assessments.
We can perform deep assessments of any one or more security domains covered in our areas of expertise, and of any other domains subject to resource availability. Deep assessments include additional questions to probe into our assessment criteria up to a point appropriate to the client’s level of maturity in the domain, and to discover related risk indicators. This enables us to provide a more detailed gap analysis and preliminary roadmap. For example, we could deliver a “Cybersecurity Assessment and Gap Analysis” covering technical domains such as network security, endpoint security and monitoring, or an “Identity Management Assessment and Gap Analysis” covering compliance, identity life cycle management and application security.
We have a standard set of tools we use for security domain assessments. Where necessary we work with clients to prepare tailored assessment questionnaires and interview schedules. After conducting a series of interviews and rolling up the results for client review, we generate a draft report, take comments, and provide a final report.
For larger, more complex assessments, we can offer onsite assessment workshop delivery, or a combination of online and onsite workshops. Workshops combine informational presentations and group facilitation methodologies with our standard assessment service elements. For example, we could facilitate a brainstorming or team-building day for security stakeholders with an assessment service and/or we could tailor our criteria to vary the level of coverage for specific security domains.
Security domain assessments always include a gap analysis against known good practices and a preliminary improvement roadmap. After an assessment, we provide an optional support package in which we keep following up at least once a month to help plan and guide your security roadmap, or to flow forward into an architecture engagement.