The Key to Effective IT Security Assessments

This month is Cyber Security Awareness month, and Weaver is participating with a series of blog posts and Insights documents dedicated to making the web a more secure, safe place. This is the third blog post in the series. 

What’s in the meaning of a word? Sometimes it’s the difference between success and failure. And that holds true when it comes to an organization’s IT security programs.

The key to effective IT security assessments begins with baselining terminology. This helps management accurately act upon information in a commonly understood manner, mitigating not only technology risks related to data availability, confidentiality and integrity, but also broader reputational, financial and liability risks to the organization as a whole.

An IT security assessment determines whether or not an organization is in compliance with a particular set of IT security standards, such as PCI DSS (Payment Card Industry Data Security Standard), FISMA (Federal Information Security Management Act), or GLBA (Gramm-Leach-Bliley Act), to name a few, and can encompass:

• IT audits
• Risk assessments
• Vulnerability scans
• Penetrations tests

This is where a clear understanding of IT security assessment terminology and definitions comes heavily into play. During assessments, using and understanding proper terminology is crucial for accurately scoping and assessing an environment’s needs, as well as taking appropriate action for successful mitigation. Otherwise, a misunderstanding could lead to misinterpretation of a standard’s requirements, needed methodologies, and even unmet expectations as an end result.

For a comprehensive look at IT terminology related to IT security assessments, including a glossary of terms, download Weaver’s IT Insights document, Understanding IT Security Assessment Terminology.