Sunday, January 25, 2009

Security System Assessment

By techdoc
In assessing the minimum levels of proactive, reactive and preventative security initiatives required by law, or considered desirable by an organization or individual, we must first undertake an information gathering process. Once we have collected enough information to give us an adequate understanding of the specifics of the systems involved, we need to translate this into both a subjective view and a technical requirements statement.

With this done, we move on to the major system design decision making phase. Elements that are most pertinent and require firm decisions to be made here include:

· Identify what must be protected, including regulatory requirements, local by-laws, emergency services requirements and guidelines, insurance compliance considerations and taxation concerns

· Identify what assets/resources are worth protecting (including sentimental motivations)

· Identify who or what you desire to be protected from

· Identify what you wish you could protect. This will include sentimental motivations and “pie-in-the-sky” objects (you never know: what was once impractical may now fall into the realm of perfectly acceptable and cost effective to implement)

· Decide how much protection is enough, including risk mitigation and insurance

· Risk/threat and occurrence/impact analysis

· A risk/impact matrix used in conjunction with regulatory guidelines is a very useful tool for producing a prioritized list of risks, threats, exploits and occurrence ratios (absolute and relative). It can also be used to evaluate the degree/severity of impact of an event or type of event, on an incident-by-incident basis

· Produce a security roadmap so that you don’t lose sight of the big picture and where you want to go. Doing so will enable you to keep track of where you are, what has been done and what is to follow
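To show how the risk/threat and occurrence/impact analysis above feeds a prioritized list, here is a small worked risk register. It is an added example written for this page, not code from the original article or from Bukisa.com; the 5x5 likelihood/impact scale, the rating bands, the "regulatory" override and every asset, threat and mitigation in the register are constructed assumptions chosen to illustrate the method.

```python
"""Worked risk/impact matrix: score, apply mitigations, prioritize.

Added illustration, not part of the original article. The scales,
thresholds and the sample register below are all constructed.
"""
from dataclasses import dataclass, field

# Qualitative scales mapped onto a 1..5 ordinal score (assumed scale).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Rating bands over the likelihood x impact product (assumed thresholds).
RATING_ORDER = ["low", "medium", "high", "critical"]


def rating(score: int) -> str:
    """Map a likelihood*impact product (1..25) onto a qualitative band."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str
    impact: str
    regulatory: bool = False  # protection is required by law/regulation
    # Each mitigation is (name, likelihood reduction, impact reduction) in scale steps.
    mitigations: list = field(default_factory=list)


def inherent_score(r: Risk) -> int:
    """Score before any control is applied."""
    return LIKELIHOOD[r.likelihood] * IMPACT[r.impact]


def residual_score(r: Risk) -> int:
    """Score after mitigations; neither axis can drop below 1."""
    lik, imp = LIKELIHOOD[r.likelihood], IMPACT[r.impact]
    for _name, d_lik, d_imp in r.mitigations:
        lik = max(1, lik - d_lik)
        imp = max(1, imp - d_imp)
    return lik * imp


def prioritize(risks: list) -> list:
    """Regulatory items first (they are mandatory, whatever the score),
    then highest residual risk, then highest inherent risk as a tiebreak."""
    return sorted(risks, key=lambda r: (not r.regulatory, -residual_score(r), -inherent_score(r)))


def needs_more_protection(r: Risk, appetite: str) -> bool:
    """True when the residual rating still exceeds the accepted risk appetite."""
    return RATING_ORDER.index(rating(residual_score(r))) > RATING_ORDER.index(appetite)


# Constructed sample register (hypothetical assets, threats and controls).
REGISTER = [
    Risk("cardholder database", "data breach", "possible", "severe", regulatory=True,
         mitigations=[("encryption at rest", 0, 2), ("network segmentation", 1, 0)]),
    Risk("public website", "denial of service", "likely", "moderate",
         mitigations=[("CDN / DDoS scrubbing", 1, 1)]),
    Risk("email archive", "loss of tax-retention records", "unlikely", "major", regulatory=True,
         mitigations=[("offsite backup", 1, 1)]),
    Risk("office laptop", "theft", "possible", "minor",
         mitigations=[("insurance", 0, 1)]),
]


def report(risks: list, appetite: str = "medium") -> list:
    """Rows of (asset, inherent rating, residual rating, needs more protection)."""
    return [(r.asset, rating(inherent_score(r)), rating(residual_score(r)),
             needs_more_protection(r, appetite)) for r in prioritize(risks)]


if __name__ == "__main__":
    for row in report(REGISTER):
        print(row)
```

The regulatory flag implements the "what must be protected" decision: such items sit at the top of the list regardless of score, while the remaining items are ordered by residual rather than inherent risk so that the roadmap reflects controls already in place. The `appetite` argument answers "how much protection is enough": anything whose residual rating is still above the accepted band needs further mitigation or insurance.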

Major considerations will concern such factors as: ecommerce; Payment Card Industry (PCI) regulations and requirements; privacy laws and regulations; holding and retention requirements (particularly tax legislation); communications, including email, messaging and telecommunications; Internet presence and persistence (website security, availability and accessibility); hosting services and hosted services; databases (security, availability and accessibility); both onsite and offsite storage (security, availability and accessibility); and security policy review.

Content Source: Security System Assessment - Bukisa.com
