Security Assessment Description And Assessments Of The Information Security Office
Application scanning tools as well as manual testing, both with and without application credentials, are used to perform this assessment. Typically some host, network, and general information security practices are assessed as part of an application vulnerability assessment.
This assessment will answer questions like:
• Does the application expose the underlying servers and software to attack?
• Can a malicious user access, modify, or destroy data or services within the system?
This would involve the ISO auditing an application (typically web based) and looking for vulnerabilities like:
• SQL Injection
• Cross-Site Scripting
• Cross-Site Request Forgery
• Improper data sanitization
• Buffer overflows (limited)
• Misconfigured/weak authentication
• Etc.
This service is currently outsourced though ISO can serve as the engagement manager with a number of preferred suppliers.
The following questionnaire is necessary to guarantee the accuracy of the time estimates as well as the thoroughness of the assessment. Please fill out as much of the information as possible.
|Name: | |
|Title: | |
|Telephone: | |
|(Examples – Sarbanes-Oxley, GLBA, HIPAA) | |
|Would you like the Information Security Office to perform a network-based |