Analysis/Assessment Methodology
Assessments are a way to increase information technology (IT) security. Assessments are done in cooperation with the system owners and are helpful in making the system owners aware of IT security issues that may exist with their assets. The assessment methodology is a six-step process.
- Assessment Planning
  This includes initial research of policies, procedures, applicable laws, and security best practices. Then an assessment checklist is signed by the system owner. An assessment strategy--the what and how--is created.
- Fieldwork
  Fieldwork is done in a systematic manner according to the previously developed checklist. Reports of issues are made in a timely manner to the system owner/administrator. All security issues are documented and included in the assessment report delivered at the end of the assessment.
- Preparing the Report
  The Assessment Report should include:
  - Executive Summary
    - Describe the purpose of the assessment.
    - Describe the scope of the assessment.
  - Findings and recommendations
  - Conclusion
- Exit Conference
  Management, system owner(s), system administrator(s), and the assessment team should attend the exit conference. The conference will accomplish:
  - Review report
  - Assign tasks for remediation/mitigation
  - Establish schedule for future assessments
- Report to Management
  The report to management will include a presentation of the executive summary and the status of mitigation/remediation efforts followed by discussion and/or questions.