
	Home > What are the tangible deliverables of the security assessment?

FAQ:

EMAIL THIS

LICENSING & REPRINTS

What are the tangible deliverables of the security assessment?

19 May 2008 | SearchSecurityChannel.com

Digg This!

StumbleUpon

Del.icio.us

About the author

Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

The standard deliverable is typically a written report comprised of an executive summary, description of assessment methodology, findings with associated risk rankings, recommendations and supporting appendices. It's always good to discuss the intended audience of any deliverables, to clarify expectations of different constituencies as appropriate (executive, management, technical staff, etc.). If time and materials is specified as the sole deliverable (such as in staff augmentation engagements), then this should be specified along with mechanisms to determine customer satisfaction in the absence of tangible deliverables.

Return to the security site assessment FAQ guide and read the rest of Joel's expert answers.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Risk Analysis and Risk Management
	How to generate revenue from unified threat management
	Unified threat management: Migration and management techniques
	Unified threat management: An intro for solution providers
	Podcast with Dr. Paul Rohmeyer on choosing a remote management platform
	Have you created a map of the to-be architecture?
	How will you leverage the remote management platform architecture to demonstrate controls effectiveness?
	How does the remote management platform complement your existing architecture?
	What is your business and what are the data risks?
	How will you monitor for unknown threats with the remote management system?
	How will you gather the data from the remote management platform?

Pre-assessment questions

What is the scope of the assessment?

What type of security assessment does the client want?

Are there any relevant policy, compliance or third-party attestation issues?

Do you have a planned schedule for the security assessment?

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy