We offer security assessments in both rapid and deep formats. As the name would suggest, the “rapid” assessment involves a lighter level of analysis with fewer questions and follow up interviews on any given domain than the deep assessment. However, the rapid assessment will still capture the critical points of analysis for the domains covered based on our consultants’ expert experience. Typically a rapid assessment will also involve more client-driven tasks (such as self-assessments with consultant coaching) and fewer Security Architects Partners-driven tasks such as onsite interviews.
We’ll work with each client to determine what level of depth and project methodology makes most sense for their situation and budget: a full assessment, a partial full assessment, or rapid/deep domain assessments.
We can perform rapid assessments for combinations of security domains from a set of more than more 20 domains within the security program. After information collection, we deliver a “Rapid Assessment and Gap Analysis” with a “Preliminary Roadmap” for the subset of the security program covered. Such engagements are scoped to the client’s projects or responsibilities. For example, we could deliver a “Cloud Security Assessment and Gap Analysis” that would cover governance, risk management, security audits, identity management, security monitoring and incident response for enterprise use of cloud services.
We have a standard set of tools we use for security domain assessments. Where necessary we work with clients to prepare tailored assessment questionnaires and interview schedules. After conducting a series of interviews and rolling up the results for client review, we generate a draft report, take comments, and provide a final report.
Domain assessments always include a gap analysis against known good practices and preliminary improvement roadmap. After an assessment, we provide an optional support package to keep following up at least once a month to help plan and guide your security roadmap, or flow forward into an architecture engagement.