Home > Security Channel FAQs > Security site assessment services > Security site assessment FAQ: Questions for the client > Pre-assessment questions > What are the tangible deliverables of the security assessment?
FAQs: Security site assessment services:
EMAIL THIS
 START   SECURITY SITE ASSESSMENT PODCAST   SECURITY SITE ASSESSMENT: QUESTIONS FOR THE CLIENT   SECURITY SITE ASSESSMENT: CONSULTANT QUESTIONS   
Security site assessment FAQ: Questions for the client


Pre-assessment questions
<< PREVIOUS | NEXT >>

What are the tangible deliverables of the security assessment?

19 May 2008 | SearchSecurityChannel.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

The standard deliverable is typically a written report comprised of an executive summary, description of assessment methodology, findings with associated risk rankings, recommendations and supporting appendices. It's always good to discuss the intended audience of any deliverables, to clarify expectations of different constituencies as appropriate (executive, management, technical staff, etc.). If time and materials is specified as the sole deliverable (such as in staff augmentation engagements), then this should be specified along with mechanisms to determine customer satisfaction in the absence of tangible deliverables.

Return to the security site assessment FAQ guide and read the rest of Joel's expert answers.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


<< PREVIOUS | NEXT >>
VIEW ALL IN THIS CATEGORY


RELATED CONTENT
Business risk assessment and risk analysis
Loss leaders: Security products and services to get a foot in the door
Getting to know the NERC CIP standards
The intersection of security and disaster recovery
Remote vulnerability scanning: Process, roles and responsibilities
How to perform a network security audit for customers
Creating your checklist and Summary
How to generate revenue from unified threat management
Unified threat management: Migration and management techniques
Unified threat management: An intro for solution providers
Podcast with Dr. Paul Rohmeyer on choosing a remote management platform

Pre-assessment questions
What is the scope of the assessment?
What type of security assessment does the client want?
Are there any relevant policy, compliance or third-party attestation issues?
Do you have a planned schedule for the security assessment?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts