We work with clients up front to determine what level of depth and project methodology makes most sense for their situation and budget. With all assessments, our consultants pose questions to probe into our assessment criteria up to a point appropriate to the client’s level of maturity in the domain, and to discover related risk indicators. This enables us to provide a proritized gap analysis.
We have a standard set of tools we use for comprehensive assessments covering the gamut of security disciplines and technologies required for a robust security program. Where necessary we work with clients to prepare tailored assessment questionnaires and interview schedules. After conducting a series of interviews and rolling up the results for client review, we generate a draft report, take comments, and provide a final report.