Security Assessment Description And Assessments Of The Information Security Office

➢ Application: This is an assessment of the functionality and resilience of the compiled application against known threats. It focuses on the compiled and installed elements of the entire system: how the application components are deployed and how they communicate or otherwise interact with both the user and server environments.

Application scanning tools, as well as manual testing both with and without application credentials, are used to perform this assessment. Typically some host, network, and general information security practices are assessed as part of an application vulnerability assessment.

This assessment will answer questions like:
• Does the application expose the underlying servers and software to attack?
• Can a malicious user access, modify, or destroy data or services within the system?

This would involve the ISO auditing an application (typically web based) and looking for vulnerabilities like:
• SQL Injection
• Cross Site Scripting
• Cross Site Request Forgery
• Improper data sanitization
• Buffer overflows (limited)
• Mis-configured/weak authentication
• Etc.

This service is currently outsourced, though the ISO can serve as the engagement manager with a number of preferred suppliers.
Questionnaire:
The following questionnaire is necessary to guarantee the accuracy of the time estimates as well as the thoroughness of the assessment. Please fill in as much of the information as possible.

Basic Information
|Name: | |
|Title: | |
|Telephone: | |
|(Examples – Sarbanes-Oxley, GLBA, HIPAA) | |

Audit Information
|Would you like the Information Security Office to perform a network-based |
