After Action Review
The After Action Review allows organizations to update their initial risk assessment with a re-evaluation as often as needed for up to 18 months following a Technology Based Assessment or a Standards Based Assessment. The After Action Review allows organizations to stay current as their information network changes and as vulnerabilities are identified and closed. This approach provides a cost effective means for organizations to extend their information security protection period.
Price:
Price for the After Action Review depends on the complexity of the network and the number of changes incorporated since the last SBA or TBA assessment. When applicable, travel expenses will be directly charged to the client.
Projected Schedule:
The time necessary to complete the After Action Review can vary, depending on the amount of changes to the network since the initial assessment. In most cases, the After Action Review can be completed in five business days by one security consultant. Majority of the work will be performed on the client's premises.
Deliverables:
The After Action Review includes the following up-dated deliverables, following a Standards Based Assessment or a Technology Based Assessment:
- Review of the SBA or TBA findings
- Evaluation of mitigation activities since completion of the SBA / TBA
- Review of action plans
- Review of policies and procedures as necessary
- After Action Review detailing adjusted risk levels and on-going risk mitigation activities
- Management Briefing
