© Mercury Consulting Limited, Liechtenstein 2005 http://www.Mercury-Consulting-Ltd.com Product Description

Mercury Consulting Limited

Product Description:

Checklist / Questionnaire

Planning a Security Assessment 

Scope

After reports about hackers in the mass media, the top management of Company X wants to make sure that this cannot happen to them and asks a consultancy: "Send us a security expert to assess our IT system / our e-Commerce System. How long will it take and how much do you charge?"

No serious consultancy or auditing company can make an offer based on that request.

Even if a consultancy makes an offer like "we estimate to need 14 days", the delivered result might not meet the customer's expectations.

The following Questionnaire should help to narrow down the scope and help to compile a requirements document for the assessment.

Audience

IS- and IT Directors, Operations Managers

Company internal Auditing Department, Revenue Assurance Department, QA-Department


Security is not just an IT issue; it's also about processes and policies! Therefore, just assigning the task of ordering a security audit to the IT department is very likely not the optimal solution!

This document is a checklist of aspects to be considered when ordering a security audit and helps to ensure that important aspects are not forgotten.

This document helps those persons responsible (and to some extent even liable) for the professional operation of business-critical systems to order a reasonable assessment that identifies possible issues or documents the good system status. Although they usually don't have the detailed security experience, and certainly not the time, to execute such assessments, this document assists in a clear definition of "what" should be checked.

This document does not contain an introduction to security, nor does it explain the terms used. The responsible persons should therefore ask a person with reasonable security knowledge for assistance, instead of passing this task solely to that security person.



Deliverables


Filename | Size | Description
secasspl.zip | 185 KB | Zip-file containing all of the following files



Within this ZIP-file you will find the following files:

Filename | Pages | Description
security_assessment_planning.pdf | 12 | Document in Acrobat-Format, Acrobat Reader required
security_assessment_planning.rtf | | Same content as .PDF-file, but this file is in "Rich Text Format" (RTF) which can be imported into (nearly all) text processing programs. This enables you to fill out the documents