Information Security Assessment
Great Question!
An information security assessment is basically what it says: an assessment of the current information security posture of an organization. Let's break this statement down further by examining the keywords in the preceding sentence...
Assessment - an analysis and judgment. In our case, an objective analysis of your business as it relates to information and a judgment of risks associated with how you use this information.
Current - a point in time. An information security assessment only represents the values and risks associated with how an organization uses information at the time the assessment was conducted. Some people use the term "snapshot".
Information Security Posture - a representation of how an organization manages information security. In order to make an accurate representation, an organization's information security controls need to be put into perspective, or compared against something. The "something" can be industry or regulatory compliance (PCI-DSS, HIPAA, GLBA, etc.), it can be risk scoring and weighting, or it can be a comparison against a framework (COBIT, ISO 17799:2005, etc.).
At FRSecure, we base the vast majority of our information security assessments upon ISO 17799. ISO 17799 is an international, industry-accepted standard management model for information security.
Why have we chosen ISO 17799? Read FRSecure's Approach
Copyright © 2009 FRSecure LLC All Rights Reserved.