© Mercury Consulting Limited, Liechtenstein 2005 http://www.Mercury-Consulting-Ltd.com Product Description
Mercury Consulting Limited
Product Description:
Checklist / Questionnaire
Planning a Security Assessment
Scope
After reports about hackers in the mass media, the top management of Company X wants to make sure that this cannot happen to them and asks a consultancy: "Send us a security expert to assess our IT system / our e-Commerce System. How long will it take and how much do you charge?"
No serious consultancy or auditing company can make an offer based on that request.
Even if a consultancy makes an offer like "we estimate to need 14 days", the delivered result might not meet the customer's expectations.
The following Questionnaire should help to narrow down the scope and help to compile a requirements document for the assessment.
Audience
IS- and IT Directors, Operations Managers
Company internal Auditing Department, Revenue Assurance Department, QA-Department
Security is not just an IT issue, it's also about processes and policies! Therefore, just assigning the task of ordering a security audit to the IT department is very likely not the optimal solution!
This document is a checklist of aspects to be considered when ordering a security audit and will help ensure that important aspects are not forgotten.
This document helps the persons responsible (and to some extent even liable) for the professional operation of business-critical systems to order a reasonable assessment that identifies possible issues or documents the good status of the system. Although they usually have neither detailed security experience nor, by far, the time to execute such assessments, this document assists in a clear definition of "what" should be checked.
This document neither contains an introduction to security nor explains the terms used. The responsible persons should therefore ask a person with reasonable security knowledge for assistance, instead of passing this task solely to that security person.
Deliverables
Filename | Size | Description |
---|---|---|
secasspl.zip | 185 KB | Zip-file containing all of the following files |
Within this ZIP-file you will find the following files:
Filename | Pages | Description |
---|---|---|
security_assessment_planning.pdf | 12 | Document in Acrobat-Format, Acrobat Reader required |
security_assessment_planning.rtf | | Same content as .PDF-file, but this file is in "Rich Text Format" (RTF) which can be imported into (nearly all) text processing programs. This enables you to fill out the documents |