Simply put, an information security assessment is a measurement of the security posture of a system or organization (Miles, Rogers, Fuller, Hoagberg, & Dykstra, 2004).
The security posture is the way information security is implemented. Security assessments are risk-based assessments, because they focus on vulnerabilities and their impact. Security assessments rely on three main, interrelated assessment methods: Technology, People and Processes.
Why do I need to perform a security assessment?
There are plenty of governmental regulations that require some form of security assessment within an organization, varying in frequency and complexity.
Whether or not you are bound by any governmental regulation, you may still want to perform an assessment and benefit in the following ways:
- Discover compromises in your IT infrastructure and services.
- Stay on top of the latest security threats.
- Make sure that your staff is being prudent by maintaining a focus on IT security.
- Maximize awareness and understanding of security concerns throughout your company.
- Boost trust between your customers and your company.