Architecture Assessment

Home>Security Services>Architecture Assessment

The Architecture Assessment is the foundation upon which the technical evaluation of an enterprise security program is based. The goal is to evaluate, from a technical perspective, the maturity of various components of an enterprise’s information security program. The process starts with requests for network diagrams and device configurations (routers, switches, firewalls, etc.) to evaluate against common security holes, misconfigurations and vulnerabilities associated with network design and configuration management practices. The balance of the process mirrors the Information Security Program Assessment, but from a technical perspective rather than a process/procedure perspective.

We interview stakeholders to evaluate security controls around the following areas as they relate to the overall risk management process:

  • Perimeter Security
  • Network Segmentation, Design, and Security
  • Host Security
  • Application, Patch, and Configuration Management
  • Tactical Implementation of Administrative Security

The data collected, our findings and recommendations and other output from the architecture assessment feeds vital information directly into the enterprise risk analysis process. The summary of findings and recommendations are presented in addition to the detailed raw reporting from the vulnerability testing. The vulnerability testing reports provide comprehensive recommendations for addressing all issues discovered while the summary report of findings identifies gaps in program components that, when viewed as remediation projects, address whole groups of vulnerabilities at a time by virtue of process improvements rather than one-off remediation activities.

Ask An Expert

Learn more about our Architecture Assessment service.

Speak to one of our experts today.
Ask An Expert