This service makes use of automated tools and manual inspection, and requires a high level of understanding of the client’s intended use of the system.
The exact process depends on the system or component being assessed, the environment in which it is to operate, and the organisation’s appetite for technical risk, however, it will typically involve the following:
- Define Goals – Understand the purpose of the system being assessed, and any standards against which it will be measured.
- Automated Configuration Scanning – Use of automated configuration scanning tools to identify and assess configuration options.
- Manual Audit – Using agreed standards, manually review the system or component against the security objectives and business objectives. Reporting – Production of a detailed report on areas of non-compliance, non-conformance, potential technical risks, and suggested remedial steps where appropriate.