A set of standardized procedures and methodologies that provide an overall perspective of the target infrastructure,
allowing a comprehensive understanding of its information security issues. This analysis yields a
set of security indicators, including risk-awareness and resilience metrics. It includes, among other things:
V&V (verification and validation) of security policies;
V&V of physical communication infrastructures;
V&V of systems security, including vulnerability identification;
V&V of established protection mechanisms;
V&V of the staff's susceptibility to spam.
After this analysis, it is possible to:
Identify actual threats to the organization's infrastructure and the associated risk level.
Provide support to define and disseminate security policies that support, not hinder, the business goals.
Define policies that prevent expensive recovery costs by mitigating the impact of potential security breaches, both from internal and external sources.
Implement customized technologies to support those policies (not the opposite), maximizing reuse of the current infrastructure and thereby leveraging previous investments.
Maximize new investments to ensure business continuity, not technology for its own sake.