The identity management challenge
Organizations do not always have a clear picture of how their logical access practices align with requirements and best practices, which evolve frequently. To that end, eProseed provides an assessment service to check and improve logical access practices. The assessment also highlights the improvement areas where projects would have the best return on security investment (ROSI).
Our method is based on a discovery phase which relies on on-site interviews and off-site document reviews. It utilizes the COBIT methodology for identity and access management evaluation, and ISO/IEC 27001 as the general structure for evaluating security management and reporting on our findings. Organizations that are aligning with these standard frameworks can therefore get the most out of this mission and avoid duplicated effort.
Assessment Report and Deliverables
The results of the assessment are presented according to 2 groups of metrics: security and usability. The security metrics are sub-divided according to the 14 security controls of the ISO/IEC 27001:2013 “Access Controls” objective. This structure allows security departments to inject the results into their own security risk analysis and to feed their existing improvement processes. A further deliverable, provided and presented to the customer, is a logical access assessment report consisting of:
- Scope and stakeholders presentation
- Summary of the interview minutes
- Summary of analysed documents
- Structured breakdown of all findings with grades
- Summary of findings with executive summary
- Recommendations for improvements with a dual ROSI (Return On Security Investment) and usability perspective