The goal of a security assessment, (also known as a security audit or security review), is to ensure that necessary security controls are integrated into the design and implementation of a project. A properly completed security assessment should provide documentation outlining any security gaps between a project designs and approved corporate security policies. Management can address security gaps in three ways: Management can decide to cancel the project, allocate the necessary resources to correct the security gaps, or accept the risk based on an informed risk / reward analysis.
Methodology
Vonda Consult with its partner from Germany will do the following methodology outline is put forward as the effective means in conducting security assessment.
- Requirement Study and Situation Analysis
- Security policy creation and update
- Document Review
- Risk Identification
- Vulnerability Scan
- Data Analysis
- Report & Briefing