This service is a high-level assessment (10,000 foot view) of data security, gathering information from all enterprise business and IT units to identify the level of associated security risks. Assessment metrics are from the point of view of the established key elements of data security:

• Confidentiality
• Integrity, and
• Availability.

The scope of the Assessment borders the internal infrastructure up to, but not including, the Internet, external business partners, and other associated 3rd parties. This Security Assessment is an indispensable risk assessment tool which typically generates a "snapshot" of the prevailing threat environment and security infrastructure, and can assist in defining a plan to achieve increased security in the in most efficient manner.

The Enterprise Security Assessment deliverables include a detailed report on the findings and a presentation of the findings to key staff. Optionally, the presentation can be segmented to meet the needs of varied levels of management (i.e., CTO/CIO, IT Management, and/or operational staff).

A typical Enterprise Security Assessment for medium-sized business is a minimum of 5 person-days in duration, but all Assessments need to be analyzed prior to the generation of a cost estimate. The costs vary widely due to the variable size of enterprise IT environments, geographic distribution and potential T&E costs.

This Service serves as foundation for future Host Vulnerability Assessments and Policy Generation projects.