The control objective is to ascertain whether adequate technical security controls have been implemented to secure the infrastructure, platforms hosting the critical Business application systems for the organisation. The Assessment approach adopted starts with reviewing the network diagram/ topology/ network traffic profile and understand security devices deployed to protect organisations information assets.
- Assess network topology and protocols
- Assess the network – security devices like Firewall, Web Application firewall, UTM etc
- Assess the network traffic profile
- Carry out vulnerability scans and penetration test exercises
- Evaluate blue team capability
- Provide GAPs identified, and remediation advisory with implementation roadmap & prioritisation