Best practices in performing security assessments
Whether your organization is undertaking an internal assessment or has engaged a third party to assess its information security posture, a few best practices are effective in maximizing the value of the assessment.
The key takeaways are as follows:
- Ensure the engagement has enough time to be completed thoroughly. There is no point in rushing, but it is equally important that the test doesn't drag on and keep your valuable IT and security staff occupied with the assessment rather than their day-to-day requirements.
- Ensure the test scope is defined to avoid irrelevant assessments.
- Ensure the tester and internal staff assisting the tester are well-trained, prepared, and knowledgeable to increase the value of the assessment.
There are also some processes that can be utilized in order to effectively choose the appropriate...