Security Associates Corp™
5218 Keller Ridge Rd.
Clayton, CA 94517
ENTERPRISE COMPLIANCE MANAGER
The Assessment Process
Step 1. The Pre-Assessment
In this phase, the user will access
multiple forms and databases to ensure easy tracking
of all logistics needed to administer a comprehensive
security assessment. The databases include the ability
the actions of the assessors.
Use the Pre-Assessment
Checklist to track everything needed before an assessment.
and track customer interview schedules.
functions to IT functions.
Set up and
track appropriate interview questions and answers.
meeting times, dates, and conversations.
Map the assessment
objectives back to the statement of work.
multiple assessors are accomplishing their objectives.
Step 2. Actual-Assessment
The system allows the user to perform
the following critical risk assessment functions seamlessly,
either separately or in tandem:
vulnerability scanning tools to import data into the
Assessment software, which will identify anomalies
and errors (ISS-Security Scanner, CyberCop support
today). The system also gives the flexibility to use
on board scanners
check” capability for quick overview of security
risk status. Answer fewer questions to determine overall
security risk within physical, operational and network
areas. (Increase assessor productivity and reduce
function allows you to easily pare down the list of
questions to ensure that you only ask those that are
required, while redundant and non-related questions
database will dynamically locate and access key system
commands and port information back into the tool.
architecture designed with the questionnaire, allows
the assessor to drill deeper into business processes
and identify risk.
Core assessment areas include:
Templates are available for the following
Security Management Act
Of Defense Information Technology Security Certification
and Accreditation Program
Step 3. Post-Assessment
Report generation is performed during the Post-Assessment.
In most cases, consultants spend a majority of their
time having to reformat various sources of information
into a final report for submission. With our template
builder, the assessor will quickly create custom reports
from one of our default report templates. Our methodology
bridges the gap between the IT staff and the business
stakeholder by providing associations of assets and
protection analysis, a prioritization of the most significant
security risks, and vulnerabilities. Our methodology
and tool provide the ability to:
default reports: Executive Summary, Managers &
Technical Report, detailed report, and appendices.
and comprehensive reports on assessment results, identify
security vulnerabilities, and suggest potential solutions
for these vulnerabilities.
risk in various areas including, but not limited to:
IDS, perimeter, physical, and email security, encryption,
privacy, policy and procedures, employee security
solution implementation levels of exposure including,
but not limited to: installation, configuration, penetration
tests, maintenance and monitoring.
for reducing security weaknesses.
Allow the consultant
to create specific questions regarding their environment