Making Sure You Are Ready to Begin

You have reached a critical juncture: you are almost ready to start the real hands-on work. If you have not already done so, you must choose the depth to which you will take this assessment. This choice should be based on what management expects you to accomplish and what your data and analysis show. The time you spend running this assessment is generally time that you’re not spending on other job functions. This can cost your organization money or impact it in other ways, so like much of life, this, too, is a balancing act.

With that in mind, note that most experts agree that good security requires policies, procedures, and guidelines. If you don’t have much depth and structure there, you should most likely focus on a level I assessment. You will need a good foundation to build effective security. A level I assessment allows the organization to gain an understanding of critical information, critical systems, and missing and incomplete policies. After these tasks are taken care of, it’s much easier to focus on the future of security.

Before the real fun can begin, you need to finish writing the protocol that will outline what’s going to be done. Although doing the paperwork is not the most glamorous of tasks, it is required. This not only gives you a map to proceed by, but also clearly serves as the approval for you to move forward. Following are some of the elements you will want to include:

  • Approving corporate officer

  • Organizational mission

  • Organizational Information Criticality Matrix

  • Systems Information Criticality Matrix

  • Driving factors, concerns, and constraints

  • Network configuration and documentation

  • Scheduled interviews and demonstrations

  • Required documentation

  • Assessment team members

  • Assessment timeline
