A security assessment is conducted to determine the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security. A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited, leading to an information system breach. Without security and vulnerability assessments, information systems may not be as secure as intended or desired.
A security assessment policy should apply to all information systems and information system components of a given company. Specifically, it includes:
Security and vulnerability assessments should be performed against all information systems on a predetermined, regularly scheduled basis. While both security and vulnerability assessments may be performed by internal staff on an ongoing basis, it is recommended that third parties be retained periodically to ensure appropriate levels of coverage and oversight.
Info-Tech Research Group has developed the following outline for conducting a thorough assessment. You can also download their Security Assessment Policy at no cost from the IT Business Edge Knowledge Network.