Assurance Services
“Assurance is a measure of confidence that
the security features and architecture of an information system
accurately mediate and enforce the security policy.”
- "Information Assurance Technical Framework", 3.1
Confidence is gained by ensuring that all practical steps have been
taken to protect the information system itself, as well as the data it
contains, from violations of policy, laws, or customer expectations of
availability, integrity, and confidentiality.
Assurance services are rigorous and methodical activities designed to
determine point-in-time compliance with the security policy or a
designated set of standards. Performed correctly, these services
include an amount of testing to provide substantive proof that
technical and non-technical controls, safeguards, or countermeasures
are functioning effectively as designed and are still producing the
expected level of mitigation.
The testing, together with rigorous analysis and evaluation, yields a
level of confidence or assurance that the required protection actually
exists and at a level sufficient to satisfy management’s stated target.
- Certification & Accreditation (IAM, NIST)
- Compliance (GLBA)
- IT Audit
- IT Governance Audit
- Outsourced IT Audit
- Risk Assessment, Mitigation, Monitoring