Security Associates Corp™
5218 Keller Ridge Rd.
Clayton, CA 94517

The Assessment Process

Step 1. Pre-Assessment Phase

In this phase, the user accesses multiple forms and databases that track all of the logistics needed to administer a comprehensive security assessment. The databases provide the ability to:

  • Identify the customer’s priorities.
  • Chronicle the actions of the assessors.
  • Use the Pre-Assessment Checklist to track everything needed before an assessment.
  • Determine and track customer interview schedules.
  • Identify customer objectives.
  • Map business functions to IT functions.
  • Track all business process stakeholders.
  • Set up and track appropriate interview questions and answers.
  • Track all meeting times, dates, and conversations.
  • Map the assessment objectives back to the statement of work.
  • Ensure that multiple assessors are accomplishing their objectives.

Step 2. Actual-Assessment Phase

The system allows the user to perform the following critical risk assessment functions seamlessly, either separately or in tandem:

  • Import the output of industry-accepted vulnerability scanning tools into the Assessment software, which identifies anomalies and errors (ISS Security Scanner and CyberCop are supported today). The system also offers the flexibility to use on-board scanners.
  • A "health check" capability gives a quick overview of security risk status: the assessor answers fewer questions to determine overall security risk across the physical, operational, and network areas, increasing assessor productivity and reducing costs.
  • The questionnaire function lets you easily pare down the list of questions so that only the required ones are asked, while redundant and unrelated questions are skipped.
  • The Reference database dynamically locates key system commands and port information and feeds them back into the tool.
  • The modular architecture built around the questionnaire allows the assessor to drill deeper into business processes and identify risk.

Core assessment areas include:
  • Physical Security
  • Network Security
  • Operational Security
  • Policy compliance
  • Application Security

Templates are available for the following assessments:

  • Sarbanes Oxley
  • HIPAA Compliance
  • Gramm-Leach-Bliley Act
  • ISO17799
  • Federal Energy Regulatory Committee
  • Federal Information Security Management Act
  • Department Of Defense Information Technology Security Certification and Accreditation Program

Step 3. Post-Assessment Phase

Report generation is performed during the post-assessment phase. In most cases consultants spend the majority of their time reformatting information from various sources into a final report for submission. With our template builder, the assessor can quickly create custom reports from one of our default report templates. Our methodology bridges the gap between the IT staff and the business stakeholders by associating assets with protection analysis and by prioritizing the most significant security risks and vulnerabilities. Our methodology and tool provide the ability to:

  • Provide three default reports: Executive Summary, Managers & Technical Report, and Detailed Report, plus appendices.
  • Provide detailed and comprehensive reports on assessment results, identify security vulnerabilities, and suggest potential solutions for those vulnerabilities.
  • Rank potential risk in various areas including, but not limited to: IDS, perimeter, physical, and email security; encryption; privacy; policy and procedures; and employee security training.
  • Calculate the level of exposure at each stage of a security solution's implementation, including, but not limited to: installation, configuration, penetration testing, maintenance, and monitoring.
  • Recommend fixes for reducing security weaknesses.
  • Allow the consultant to easily create questions specific to their environment.

© 2011 Copyright Security Associates Corp™