Mt Xia: Technical Consulting Group

Business Continuity / Disaster Recovery / High Availability
Data Center Automation / Audit Response / Audit Compliance

-
Current Location
-

css
  Downloads
    Documentation
      mtxia

-

digg Digg this page
del.icio.us Post to del.icio.us
Slashdot Slashdot it!


Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder

www.siteox.com

FREE Domain Registration
included with Web Site Hosting
Tools, Social Networking, Blog

www.siteox.com

Audit Compliance

INFOSEC Assessment Methodology (IAM)

IAM is a detailed and systematic method for examining security vulnerabilities from an organizational perspective as opposed to a only a technical perspective. Often overlooked are the processes, procedures, documentation, and informal activities that directly impact an organization's overall security posture but that might not necessarily be technical in nature.

NSA developed the IAM to give organizations a repeatable framework for conducting organizational types of assessments. We can also provide clients, appropriate information on what to look for in an assessment provider.

The IAM is also intended to rase awareness of the need for organizational types of assessment versus the purely technical type of assessment.

National Security Agency's IAM is a baseline measurement of the controls implemented to protect information that is transmitted, processed, or stored by a specific system. Simplified, this is a measurement of the security posture of a system or organization.

Phases of the IAM

Pre-Assessment Phase On-Site Assessment Phase Post Assessment Phase
Identify Information Criticality On-Site In-Brief Additional Documentation Review
Identify System Configuration Interview Site Personnel Finalize Analysis
Set Scope of the Assessment System Demonstrations Consult Additional Expertise
Documentation Request Documentation Review Generate Recommendations
Documentation Review On-Site Out Brief Final Report Coordination
Team Assignment
Pre-Analysis
Site Visit Coordination

Organizationl Information Criticality Matrix (OICM)

The OICM is based on the client decisions about the information types within their own organization that are critical for the completion of their mission and meeting organizational goals.

System Information Criticality

Defines those specific systems that process, transmit, or store the client's critical information. These are the key information systems that have the greatest impact on the client's operations. From a technical perspective, these are the systems that will be most focused on during any technical evaluations that occour in conjuction with the IAM assessment process. From a purely organizaitonal perspective, these are the systems that need the deepest scrutiny because the compromise or complete loss of these particular information systems would most likely have a distinct and often painful impact on the organization.

-
Audit Compliance
-
 

BC Methodology
DR Planning
HA Planning
Virtualization
Datacenter Automation
Audit Response
Document Management
Document Generation
HMC Config Data


FREE Domain Registration
included with Web Site Hosting
Tools, Social Networking, Blog

www.siteox.com

Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder

www.siteox.com