Accelerated Security Assessment

Introduction

SystemExperts^TM pioneered the Accelerated Security Assessment^SM approach to security consulting in 1994 and has been refining it ever since. We created this approach because we recognized that standard consulting methodologies took too long. In addition, too much of the client's money went into consulting process, not into producing usable results. It was a dramatic innovation in 1994. Today, a SystemExperts Accelerated Security Assessment remains in a class by itself and is the fastest and most cost effective way of improving the security of any environment.

What We'll Need From You - very little

Our Accelerated Security Assessment methodology is structured to minimize the burden it places on our clients - this is true both prior to the engagement and during it. We do not require our clients to prepare detailed documentation. Prior to the Assessment, we will need approximately 30 minutes of your time on the phone to answer some basic questions. These questions will enable us to understand your key objectives, constraints, and concerns, allow us properly scope the effort, and to determine the specific technical skills that will be needed on the project team.

How We'll Work Together

We will not be auditing you. Rather, together through a series of highly interactive discussions, we will openly explore the strengths and weaknesses of your entire environment in the context of your business, functional, and regulatory requirements.

The Accelerated Security Assessment will take place over a one to three day period. In advance of the session, we'll provide you with a list of topics and we'll expect you to arrange for people knowledgeable about those topics to participate in the Assessment.

The sessions will be highly interactive, good natured, and mentally draining. What may surprise you to learn is that they are most often quite enjoyable. We'll bring a small team of consultants, typically three or four. We will choose them based on your particular technical needs (e.g., Widows, networking, databases, application infrastructure, PeopleSoft, ISO 17799 or Sarbanes Oxley compliance).

What You Will Get

The Accelerated Security Assessment moves from a high level discussion of what your organization is trying to accomplish with the system to how the current system works, to how it is constructed, and finally, to how it can be improved. The sessions are highly interactive and often provides a forum for organizations to better understand both the ideas behind the their own design and how the system may be improved.

The schedule is flexible, but we typically take the first morning to walk through the business requirements and functional architecture. One or more of your people need to informally present your current solution while our consultants ask questions. During the rest of the day, we will delve into the mechanisms used to accomplish the functions and we will identify potential security issues that we'll focus on later. In many cases, we have dealt with similar issues in the past and we will recommend solutions immediately. More complex issues are left for discussions later in the Assessment when everyone has internalized the full complexity and subtlety of the environment.

We then complete the discussion of mechanisms, review issues, and discuss alternatives. We will encourage you and your staff to bring up particular problems at this time and we will discuss them. Finally, we wrap up the meeting by going over the recommendations and discussing the contents of the final report.

Our report for a typical Accelerated Security Assessment is ten to twenty pages and contains concrete prioritized recommendations. We challenge ourselves to produce findings and recommendations that are concise, easy to understand, and straightforward to implement - and our clients appreciate it.

We seldom stick to a rigid schedule but generally work from high to low level and pursue issues in-depth when the opportunity presents itself. The most important goals for us are to address your particular issues and to recommend practical solutions. We believe that flexibility in these meetings helps to accomplish these goals.

Often Copied, Never Matched

Recently, several of our competitors have copied our approach and unbelievably, market it as their own. Don't be fooled by these knockoffs. What can't be duplicated is the quality of people we bring to each engagement and years of experience in addressing clients' needs in this format. A genuine SystemExperts Accelerated Security Assessment or SystemExperts Security Workshop^SM is a unique experience and provides true insight into the security of your environment as a whole.