
Understanding Information Security Services

Among purchasers of security services, a great deal of confusion exists about what kinds of services are available and what can be expected of each type of service. Here, we discuss assessment, evaluation, and penetration testing in terms of deliverables and key benefits for achieving the high-order goal of information assurance.

There are three key differences among these three levels of service. The first is “shelf life,” that is, how long the report that results will be useful. The second difference is breadth of consideration, how broadly information security will be considered. The final difference is depth, just how deeply into the technology and implementation the service will go.

White Paper: Understanding Information Assurance Services (PDF)

Assessment provides the broadest consideration, with the greatest shelf life, but with the least depth, and is thus an appropriate starting point.

Evaluation establishes whether systems are in compliance with specific standards in a cooperative effort with the organization, narrowing the focus somewhat, with shorter shelf life, and with greater depth.

Penetration Testing determines whether a specific target is vulnerable to a specific attack at a specific point in time. This consideration is the narrowest, has the shortest shelf life of all, and has the greatest technical depth.

The key to success in information assurance spending is understanding your needs and what can be done to address them given the resources available.

When selecting a service to help your organization achieve and maintain information assurance, your dollar will go furthest by performing these functions in order: assessment, evaluation, and testing. By starting at the beginning and working forward, each level will be able to build upon the previous level, thus providing greater value.

Information assurance is serious business, but it need not be cost-prohibitive. Understanding your needs and knowing which questions to ask a prospective vendor will help you to find a partner who will be able to take best care of your organization and make the most of your information assurance dollar.
