Security Diagnostics aims to assess the level of security of an organization and can be approached in two ways: the first requires performing an Information Systems Risk Analysis, while the second compares the organization's level of security against a standard. The risk analysis uses qualitative and/or quantitative methods to determine the assets, their value, their vulnerabilities and the threats to which they are exposed, in order to assess the risk involved. The second approach is based on the identification and attainment of pre-established levels of maturity, such as CObIT or ISO-17799, in the areas of Security and Information Technologies.