Information Technology Security Assessment

Information Technology Security Assessment (IT Security Assessment) is an explicit study to locate IT security vulnerabilities and risks.[1]

There are many reasons that a company would wish to run a security assessment, and the kind of assessment that is ultimately chosen depends entirely on the specific needs of the company ordering the service.

  • For one thing, companies may wish to learn more about who can access their systems and what permission level they have when they do. This type of assessment is common among companies which run membership sites that deal with payment issues and services, and where having the wrong people accessing the wrong areas of the system could potentially cause a lot of harm. Another type of assessment is insurance-based. It is not uncommon for a company that depends on its IT systems to wonder what would happen if some part of that system were to fail. A security company can run the appropriate tests and offer the correct guidance to safeguard against any possible loss of information or time.
  • There are also many network-related issues that must be taken into consideration. From web content filtering to firewall and intrusion detection to remote access controls, there is a multitude of settings and configurations that need to be taken into consideration if a company wishes to remain secure.

Companies that conduct security assessments on IT systems and networks follow a fairly standard pattern. They must first observe the system and all of its components to identify the requirements of the task at hand. After the problems and scope have been identified, most companies will then create an action plan to present to their customer. Following that, vulnerability scans, penetration tests, and a few other common methods of testing the security level of a system are conducted.[2]

IT security risk assessments, like many risk assessments in IT, are not actually quantitative and do not represent risk in any actuarially sound manner. Measuring risk quantitatively can have a significant impact on prioritizing risks and getting investment approval. Quantitative risk analysis was applied to IT security in a major US government study in 2000: the Federal CIO Council commissioned a study of the $100 million IT security investment for the Department of Veterans Affairs, with results shown quantitatively.
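The difference between an ordinal risk matrix and a quantitative assessment can be made concrete with annualized loss expectancy (ALE = single loss expectancy × annualized rate of occurrence). The following is an added example, not part of the original article or of the cited VA study; the risk register, dollar figures and rates in it are constructed sample values, and the control-evaluation function is an illustrative helper.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    qualitative: str   # ordinal label a typical likelihood/impact matrix would assign
    sle: float         # single loss expectancy in USD (constructed sample value)
    aro: float         # annualized rate of occurrence, events per year (constructed)

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year from this risk."""
        return self.sle * self.aro


# Constructed sample risk register (not real data).
REGISTER = [
    Risk("Phishing leading to credential theft", "Medium", 40_000, 2.0),
    Risk("Ransomware on file servers", "High", 900_000, 0.05),
    Risk("Lost unencrypted laptop", "Low", 15_000, 2.0),
    Risk("SQL injection in customer web app", "High", 250_000, 0.1),
]

QUAL_ORDER = {"Low": 0, "Medium": 1, "High": 2}


def rank_qualitative(risks):
    """Order by matrix label only; ties are left in register order."""
    return [r.name for r in sorted(risks, key=lambda r: QUAL_ORDER[r.qualitative], reverse=True)]


def rank_quantitative(risks):
    """Order by expected annual loss, which is what investment decisions need."""
    return [r.name for r in sorted(risks, key=lambda r: r.ale(), reverse=True)]


def net_annual_benefit(risk: Risk, control_cost: float, aro_reduction: float) -> float:
    """Hypothetical helper: annual saving from a control that cuts the event rate
    by `aro_reduction` (0..1), minus the control's annual cost. Positive means
    the control is worth funding on expected-loss grounds."""
    ale_after = risk.sle * risk.aro * (1.0 - aro_reduction)
    return risk.ale() - ale_after - control_cost


if __name__ == "__main__":
    print("qualitative :", rank_qualitative(REGISTER))
    print("quantitative:", rank_quantitative(REGISTER))
    # e.g. MFA rollout costing 20,000/yr that removes 75% of phishing incidents
    print("net benefit of MFA:", net_annual_benefit(REGISTER[0], 20_000, 0.75))
```

The two rankings disagree: the matrix puts both "High" items first, while the expected-loss view puts the frequent, moderate-cost phishing risk at the top, which is the kind of reprioritization the quantitative approach enables.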

See Also

Information Technology (IT)
Information Technology Architecture
Information Technology Asset Management (ITAM)
Information Technology Controls (IT Controls)
Information Technology Enabled Services (ITeS)
Information Technology Investment Management (ITIM)
Information Technology Risk (IT Risk)
Information Security Governance
Information Security
Adaptive Security Architecture (ASA)
Business Model for Information Security (BMIS)
Cognitive Security
Common Data Security Architecture (CDSA)
Federal Information Security Management Act (FISMA)
Payment Card Industry Data Security Standard (PCI DSS)
Data Security
Computer Security
Enterprise Information Security Architecture (EISA)
Fault Configuration Accounting Performance Security (FCAPS)
Graduated Security
Information Systems Security (INFOSEC)
Information Security Management System (ISMS)
Mobile Security
Network Security
IT Asset (Information Technology Asset)
IT Assurance Framework (ITAF)
IT Capability
IT Capability Maturity Framework (IT-CMF)
IT Chargeback
IT Chargeback Model
IT Cost Allocation
IT Cost Optimization
IT Ecosystem
IT Financial Management (ITFM)
IT Governance
IT Governance Framework
IT Infrastructure
IT Investment Management (ITIM)
IT Management (Information Technology Management)
IT Maturity Model
IT Metrics (Information Technology Metrics)
IT Organization Modeling and Assessment Tool (ITOMA)
IT Operations (Information Technology Operations)
IT Operations Analytics (ITOA)
IT Operations Management (ITOM)
IT Optimization
IT Portfolio
IT Portfolio Management (ITPM)
IT Roadmap
IT Service Continuity Management (ITSCM)
IT Service Management (ITSM)
IT Sourcing (Information Technology Sourcing)
IT Standard (Information Technology Standard)
IT Strategic Plan (Information Technology Strategic Plan)
IT Strategic Planning
IT Strategic Sourcing
IT Strategy (Information Technology Strategy)
IT Strategy Framework
IT Strategy Process
IT Transformation
IT Value
IT Value Mapping
IT Vision
Security Policy
Security Architecture
Security Reference Model (SRM)
Cyber Security


  1. Defining Information Technology Security Assessment (IT Security Assessment), Wikipedia
  2. Why Companies Need Security Assessment, Holm Security