Facilitating the Qualitative Security Assessment: Overview of the Process of Defining and Delivering

The Security Assessment represents a process that is used to help ensure that the appropriate security measures are identified and applied to meet management's expectations for a secure and trusted computing environment. There are two aspects of this process that contribute to its success. The first is the need to provide management with a clear understanding of the security issues and the related threats that impact the processes they are responsible for. The second aspect involves the identification and delivery of solution options and their associated costs, offered by appropriate, qualified solution providers. The result of an effective security assessment is that management is in a better position to make informed decisions concerning the delivery of appropriate security controls for their business processes. It is the intent of this paper to provide an overview of how to involve the appropriate decision makers and the solution providers in the delivery of cost-effective security controls for application systems. The primary beneficiary of this overview is the individual who is charged with facilitating the security assessment process.