Information Assurance Services: Overview

Among purchasers of security services, a great deal of
confusion exists about what kinds of services are
available and what can be expected of each type of
service. Here, we discuss assessment,
evaluation, and penetration testing
in terms of deliverables and key benefits for
achieving the high-order goal of information
assurance.

There are three key differences among these three
levels of service. The first is “shelf life,” that
is, how long the report that results will be useful.
The second difference is breadth of consideration, how
broadly information security will be considered. The
final difference is depth, just how deeply into the
technology and implementation the service will go.

White Paper: Understanding Information Assurance Services

- Assessment: provides the broadest consideration, with the
  greatest shelf life, but with the least depth, and
  is thus an appropriate starting point.
- Evaluation: establishes whether systems are in compliance with
  specific standards in a cooperative effort with the
  organization, narrowing the focus somewhat, with
  shorter shelf life, and with greater depth.
- Penetration Testing: determines whether a specific target is vulnerable
  to a specific attack at a specific point in time.
  This consideration is the most narrow, has the
  shortest shelf life of all, and the greatest
  technical depth.

The key to success in information assurance spending
is understanding your needs and what can be done to
address them given the resources available.

When selecting a service to help your organization
achieve and maintain information assurance, your
dollar will go furthest if you perform these functions
in order: assessment, evaluation, and testing. By
starting at the beginning and working forward, each
level will be able to build upon the previous level,
thus providing greater value.

Information assurance is serious business, but it need
not be cost-prohibitive. Understanding your needs and
knowing which questions to ask a prospective vendor
will help you to find a partner who will be able to
take best care of your organization and make the most
of your information assurance dollar.