Understanding the different types of security assessments
- Your entire organization's security posture
- Your hardware product's security control effectiveness
- Your software product's security control effectiveness
- Your building's security
- Your staff's security awareness
- Your security staff's ability to respond to an active threat
Beyond that list, there are various methods in performing these types of assessments, including having your own staff members perform an internal review, or having another organization perform a third-party review. Furthermore, automated testing can be performed.
Internal reviews are effective in reducing costs, and in some circumstances, they can save time, providing the internal team is well-acquainted with the processes they are reviewing. However, internal reviews lack objectivity...