Review of Enterprise Security Architecture

The control objective is to ascertain whether adequate security control have been implemented to secure business assets. The assessment approach adopted starts with review of people, process & technology and the Information Security Management framework

  • Assess information security culture in enterprise
  • Review HR on-boarding process controls are adequate
  • Review of Information Security Awareness policy & practices
  • Review Internal control measures to identify operational errors are adequate
  • Corrective actions are monitored and reported
  • Asses technology implemented
  • Enterprise Information Assets are properly accounted for
  • Network architecture hosting the enterprise information Assets is as per organisations risk appetite
  • Enterprise security architecture is build to defend cyber attack thorough the cyber security concepts of defence in depth, and layered network defence
  • Enterprise Security architecture has considered using cost saving techniques like network segmentation, placing protection to information assets based on Asset classification and value to organisation