Comprehensive Security Vulnerability Assessment

PCIS: Trusted Security Advisors

Business technology is a constantly changing and evolving area of any modern organization. This constant progression requires regular investigation and re-evaluation of process, people and security. Adopting a process which recognizes the information security model ensures that critical issues, gaps, and business processes are regularly investigated and adapted to reduce the potential exposure and risk to the organization.

 

 

Business Technology Security Lifecycle

 

 

The PCIS Methodology

Assessments can take on many names and vary in terms of methodology, rigor and scope. However, the core objective remains consistent - identify and quantify the risks to an organization’s technology and information assets. The risks present within technology and business data have precipitated the need for organizations to become proactive in understanding their security needs. PCIS’ Security Vulnerability Assessment provides a wealth of foundational information which helps organizations move decisively towards developing a proactive security posture.

 

Engagements

Discovery
 
Activity includes focus groups, worksheets, interviews, and capturing data to develop a clear
understanding of the organization’s people, process and technologies. In evaluating the collected
information a detailed Assessment Execution Plan is created. The purpose of this plan is to efficiently
guide activity throughout the following Security Assessment engagement. If specific regulatory
requirements are a consideration, evaluation tasks designed to meet all regulatory requirements are
also defined with the Assessment Execution Plan.
 
Assessment 
 
Assessment activities are conducted within the contexts defined within the Discovery engagement; these
include:
  • Information sharing (verbally, visual demonstrations and documentation)
  • Observing (configuration and execution of policies)
  • Scanning for vulnerabilities using software-supported and manual tests
  • Reviewing of organizational security policy and technical documentation
For most organizations, Assessment activities can be completed remotely, minimizing the need for on-site
scheduling and demands on their internal resources.