Before you start the transition planning process, it is important to understand the current state of your security and identify change objectives. Performing a needs assessment is a great, systematic process for organizations to prioritize, make improvements and appropriately allocate resources. Ultimately, it fills the gaps between current conditions and desired conditions.
A needs assessment exercise will outline the current state of the organization, pinpoint gaps and vulnerabilities, and frame a true path forward. For example, having an overview of current coverage and an inventory of existing product will show the state of your security program.
Questions provide direction
Asking these questions upfront will save your organization time and frustration, mitigate disruption that can arise from a security incident, and ultimately reduce the cost of service.
- What are you protecting?
- What equipment, staff and procedures do you have?
- Do you have standards for product and installation?
- What are your strengths and what are your weaknesses?
- Can you identify your vulnerabilities and threats?
- Are threats imminent?
- Are you up to date with regulatory and compliance mandates?
- What is the cost of inaction?
Remember, it is important to evaluate your program on a recurring basis. Assets, risks, threats and technology are all ever-changing components of a security program.
Experts provide comprehensive analysis
To achieve a holistic view of disparate systems on a large scale, use an experienced integrator to help evaluate your specific needs and provide a comprehensive analysis which should include:
- Complete site surveys and evaluation
- Security risk assessment
- System submittals
- System engineering landscape
- Regulatory and compliance considerations
Once you've assembled an assessment team, make sure their is a clear understanding as to what enterprise assets you are protecting.
In our upcoming blog, we will be discussing different physical and intellectual enterprise assets.