Solution Efficacy Review
"Unleash the Power: Solution Efficacy Review for Unmatched Security Control Effectiveness!".
Step
Information Gathering
- Understand the security solution architecture.
- Obtain security solution configuration.
- Understand the device feature set that is required to support Client’s business objectives.
- Perform an initial review of the critical security settings and patching.
- Review the policies and procedures that govern the use of the security solution, including access controls, incident response, and disaster recovery.
Security Review
- Identify the security solution for testing and obtain test account credentials for functionality, including test instances.
- Initiate testing from “zero knowledge” of the configuration of the security solution.
- Continue testing from perspective of an authorised user attempting to circumvent security controls and gain unauthorised access to restricted functionality.
- Identify any gaps in the processes, such as missing or inadequate controls, lack of policies or procedures, or ineffective monitoring or reporting, based on the existing processes and potential risks and threats.
Client-side Responsibilities
- Security Solution configuration.
- Security Solution architecture documents.
- Security Solution logging Samples.
- Access to key personnel associated with the design of the security solution.
- Credentials, and access for testing from perspective of an authorised user.
Deliverables
- A detailed report including the Security Solution testing findings.
- Recommendations including process gaps to improve overall efficiency of deployed security solution.