PCIS: Trusted Security Advisors
Business technology is a constantly changing and evolving area of any modern organization. This constant progression requires regular investigation and re-evaluation of process, people and security. By adopting a process which recognizes the information security model ensures that critical issues, gaps, and business processes are regularly investigated and adapted to reduce the potential exposure and risk to the organization.
The PCIS Methodology
Assessments can take on many names and vary in terms of methodology, rigor and scope. However, the core objective remains consistent – identify and quantify the risks to an organization’s technology and information assets. The risks present within technology and business data has precipitated the need for organizations to become proactive in understanding their security needs. PCIS’ Security Vulnerability Assessment provides a wealth of foundational information which helps organizations move decisively towards developing a proactive security posture.
Activity includes focus groups, worksheets, interviews, and capturing data to develop a clear understanding of the organization’s people, process and technologies. In evaluating the collected information a detailed Assessment Execution Plan is created. The purpose of this plan is to efficiently guide activity throughout the following Security Assessment engagement. If specific regulatory requirements are a consideration, evaluation tasks designed to meet all regulatory requirements are also defined with the Assessment Execution Plan.
Assessment activities are conducted within the contexts defined within the Discovery engagement, these include:
- Information sharing (verbally, visual demonstrations and documentation)
- Observing (configuration and execution of policies)
- Scanning for vulnerabilities using software-supported and manual tests
- Reviewing of organizational security policy and technical documentation
For most organizations, Assessment activities can be completed remotely, minimizing the need for on-site scheduling and demands on their internal resources.
For a complete overview, including reporting options download the overview of the PCIS Comprehensive Security Vulnerability Assessment service offerings.