Technology Based Assessment
The Technology Based Assessment (TBA) focuses on the technical aspects of risk management
and provides a first-step approach to information security. The TBA
concentrates on vulnerabilities that are associated with your computer
hardware, software, and network connectivity. The TBA addresses 54 individual
technical requirements referenced in the ISO 17799 standard. This solution
offers companies a cost-effective means to address the technical issues
surrounding information security, which may account for up to 70% of
an organization's vulnerabilities.
Price:
The price for a Technology Based Assessment is dependent on the complexity and
distribution of the network to be assessed and includes factors such
as the number of servers, desktops, firewalls, intrusion detection systems,
and operating systems. Price is a function of time and travel necessary
to complete the assigned tasks.
Projected Schedule:
Time to complete the Technology Based Assessment varies depending on the complexity
of the network. As a general rule, one week is spent on-site gathering
the necessary data and one to two weeks are spent assessing the data,
documenting results, and preparing reports.
Deliverables:
Executive Summary - The Executive Summary details vulnerabilities that received
a ranking of High or Med-High and provides a table listing all vulnerability
rankings identified.
Technology Based Assessment Report - The TBA Report documents the system architecture,
system security requirements, protection mechanisms, and resources.
Findings and Risk Vulnerabilities Report - This report identifies vulnerabilities,
assigns risk levels, and recommends remediation.
Security Test and Evaluation Plan and Procedures Report - This report lists
each security requirement, identifies the test methodology, and provides
an impact statement for each requirement.
Vulnerability Scan Data - Raw scan data.
Security Requirements Traceability Matrix - This report relates requirements
from source documents to the security assessment process. It ensures
that all security requirements are identified and evaluated. Each row
of the matrix identifies a specific requirement and provides the details
of how it was tested or analyzed and the results.