Has a kick-off meeting been held for the security site assessment?

As the execution of a security site assessment begins, service providers should hold a formal kick-off meeting with their clients. Learn what aspects of the assessment should be discussed at this meeting.

About the author
Joel Scambray has held diverse roles in information security over a dozen years, including co-author of Hacking Exposed: Windows and Hacking Exposed: Web Applications, senior director of security at Microsoft, co-founder of security technology and service company Foundstone, senior security consultant for Ernst & Young and internationally recognized speaker in both public and private forums. Listen to the supplemental podcast with Joel for more information on security site assessments.

A typical kick-off meeting should give relevant stakeholders a formal alert of start of work, provide contact information to relevant team members, define emergency escalation procedures/channels, review and confirm the project plan, set the schedule for regular status communications/meetings and so on. A well-organized kick-off meeting held on the first day of the project (or slightly before) provides good insurance that expectations are understood -- and thus likely to be met! -- on both sides of the table.

Dig Deeper on Cybersecurity risk assessment and management