Security Architecture Reviews

You have hired the people, bought the technology, and written the polices. But do you know how they all work together? Are they actually achieving your goals? Does what you built comply with the standards and best practices?

This is where a Security Architecture Review (SAR) comes in. A SAR uses a combination of questionnaires, documentation reviews, and interviews to determine how—or even whether—all the pieces of your organization’s security work together. You will learn how to do more with what you have, and where your precious budget monies are best allocated.

SARs are also useful when you’re just starting out. If you have never had a penetration test, a SAR can help identify some of the major issues in your environment to address before the first pen test. By addressing those first, you will get more value when the pen test happens by having a better idea of what the testers should focus on and having them spend less time on low-hanging fruit.

Provide Questionnaires

A few weeks before the official start, you will receive one or more questionnaires for your team to fill out. Some answers will be easy, others more difficult. If you don’t know some of the answers, that’s okay. Identifying knowledge and experience gaps is one of the reasons that SARs exist.

Conduct Interviews

An experienced consultant will meet with members of your organization ranging from the leadership down to those in the trenches. The idea is to identify each level’s goals, fill in gaps in the questionnaires, and understand how the different parts of your organization can better work together to keep it safe.

Combine and Review

The consultant will combine information gathered from the questionnaires, interviews, and your organization’s policies, procedures, and standards to build a picture of how you are doing. This process will identify what you do well as well as where you may fall short.

Report Generation

Illuminus will generate a report from the collected information, providing explanations for any identified issues. The report will include recommendations to mitigate and address those issues, including both short- and long-term suggestions where appropriate.