Security Program Assessment

Security Program Assessment Services

Enterprise Security Program Assessment services are designed to help clients determine the current state of their enterprise security program. Solutionary Professional Security Services (PSS) consultants work with clients to review their information security architecture, technical and compliance controls and their overall security program. They can also be focused on a specific business unit or recent acquisition.

These assessment services provide the review of technical, process, physical and compliance controls, with three primary offerings:

  1. Security Architecture Assessment: an assessment focused on an organization’s security devices and applications, reviewing device placement, integration of capabilities and workflow between devices and configuration of appliances, software, and operating systems, to provide guidance to enhance security posture, address risk or compliance gaps or add additional capabilities.
  2. “Quick Start” Security Assessment: an assessment providing a rapid overview of an organization’s security control environment, with an external and internal vulnerability analysis and a high-level evaluation of the currently implemented security controls, based on industry best practices. 
  3. Enterprise Security Assessment: a detailed assessment, evaluating a control environment both as designed and as implemented, typically performed using the ISO 27001 Annex “A” control set or SANS Top 20 Critical Security Controls as a baseline, expanded for additional client-specific requirements.

Enterprise Security Program Assessment services can be expanded with additional PSS consulting services, to include a review of indicators of compromise, threat intelligence, incident response planning, penetration testing, additional regulatory or compliance requirements testing or vendor risk management. 

Functional Security Program Assessment

As part of the Security Strategy, Planning and CISO Services, these assessments are designed to appraise specific elements of a security program or support Solutionary Managed Security Service offerings, including: