Target Capabilities Assessment Methodology
Security assessments can be broad in scope – such as an overall assessment against ISO standards, or an assessment of security operations architecture and runbook processes – or very targeted, as might be the case with an application vulnerability assessment. Many assessments for large organizations are undertaken to address the challenge of complying with multiple industry and regulatory standards simultaneously.
In any case, an assessment evaluates “current state” against a picture of the ideal end state. It typically consists of four staged functions: definition of objectives and requirements; information gathering; gap analysis; and recommendations. Many consulting companies use a standardized model of what the customer end state should look like, which tends to yield recommendations that are not finely attuned to the specific customer's priorities and are therefore less readily actionable and less well aligned to a limited budget.
But there is no such thing as a one-size-fits-all assessment, because no two customer environments are the same, resources to implement recommendations vary, and there is rarely a common “reference architecture” for the ideal outcome.
Vigilant’s Target Capabilities Assessment methodology delivers achievable, prioritized recommendations finely tuned to your most pressing concerns, considering your timeframe, budgetary constraints, and the need to maximize your existing investments.
Vigilant assessments start by working with your team to define a customized Target Capabilities Model (TCM) – a mapping of your relevant security policy and business requirements to the specific security controls and to the people, process, and technologies needed to achieve your goals. The TCM assigns relative weights to each requirement, reflecting its importance to your overall IT risk program. Once defined, it is used as a framework to ensure buy-in from all stakeholders, focus information-gathering, and serve as the baseline reference for gap analysis and recommendations.