INFOSEC Assessment

Assessment is a high-level review of the organization's critical information and a qualitative consideration of the impact of various types of security incidents. It has the greatest shelf-life, providing not only immediate-term direction for remediation, but also longer-term direction about how to improve the overall information security posture of the organization.

Interhack uses NSA's INFOSEC Assessment Methodology (IAM) for performing these assessments.

IAM is made up of three major phases: pre-assessment, on-site assessment, and post-assessment. Pre-assessment involves an on-site working meeting with key members of the sponsoring organization to identify critical information types and review of critical documentation, system configuration notes, and all other relevant formal documentation. The On-site Assessment involves a series of interviews of key members of the sponsoring organization and observation of system demonstrations, in an attempt to understand informal policy and procedure. A presentation is then given to the sponsors, showing initial findings, and allowing the organization to ask questions and to express any concerns. The final phase, post-assessment, is the creation of the formal report of findings.

Key benefits of assessment is that it provides the organization with the greatest value for getting started in understanding its information security posture, seeing where its defenses should be concentrated, and how it stands up in eighteen different areas of information security consideration.

Contact us for specific information on pricing. We'll need to know a bit about the size of your organization and any specific concerns that you might have.