Stage 1: Assessment planning and preparation - Assessment planning
Update: 2023-05-15
Description
Stage 1: Assessment planning and preparation
Assessment planning
Prior to commencing an assessment, the assessor should conduct assessment planning activities. These activities require the assessor to discuss with the system owner:
- system classification and assessment scope (see further detail below)
- access to low and high-privileged user accounts, devices, documentation, personnel, and facilities
- intended assessment approach and any approvals required to run scripts and tools (see further detail below)
- evidence collection and protection, including any requirements following the conclusion of the assessment
- where the security assessment report will be developed (e.g. on an assessor’s device or on an alternative device)
- approach to stakeholder engagement and consultation (including key points of contact)
- whether any managed service providers or other outsourced providers manage any aspects of the system (including appropriate points of contact)
- access to any relevant prior security assessment reports for the system
- appropriate use, retention and marketing of the security assessment report by both parties.
Beyond Cyber 101 mentorship into cybersecurity and beyond.