What is the scope of the assessment?

Before beginning a security assessment on IT systems, service providers should discuss the scope of the assessment. Learn why it is important to decide the scope of an assessment before its execution.

This Content Component encountered an error

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

As with most consultative engagements, the scope of the assessment is all-important. Value-added resellers should clarify the parameters of the assessment, including the nature of specific environments/components to be assessed. For example, will the assessment cover physical, network, application, database, personnel, policy and/or wireless assets? This will help the reseller determine the types of tools and skills necessary to deliver. The scale of work (i.e., number of iterations) is also important, e.g., number of IP addresses to be scanned/assessed. The reseller should also ensure it has permission to assess all in-scope assets, especially if third-party assets are to be targeted.

This was first published in May 2008

Dig deeper on Introductory Security Services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close