A security assessment is conducted to determine the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security. A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited, leading to an information system breach. Without security and vulnerability assessments, information systems may not be as secure as intended or desired.
A security assessment policy should apply to all information systems and information system components of a given company. Specifically, it includes:
Security and vulnerability assessments should be performed against all information systems on a predetermined, regularly scheduled basis. While both security and vulnerability assessments may be performed by internal staff on an ongoing basis, it is recommended that third parties be retained periodically to ensure appropriate levels of coverage and oversight.
Info-Tech Research Group has developed the following outline for conducting a thorough assessment. You can also download their Security Assessment Policy at no cost from the IT Business Edge Knowledge Network.