Current State Security Assessment (CSA)

A Current State Security Assessment is performed to compare the Client’s Information Security Current State against good practices and industry standards, and to define the maturity ratings and risk ratings for each of the domain areas identified as part of scoping.

During the course of this engagement, Green Method will interview/meet with Client’s stakeholders and will perform an analysis of key Information Security documentation (including existing policies, procedures, standards and guidelines) from which we will obtain an understanding of Client’s current information security practices and planned related initiatives.

Our assessment methodology is to assess Client’s Information Security Current State against good practices and industry standards.

Green Method will use our in-house developed Security Framework, which aligns to industry standards, including ISO/IEC 27001. We can also measure against UAE information security standards such as UAE-IAS (NESA/SIA) and DG-ISR.

The assessments will cover, but are not limited to, the following domains:

Our Current State Gap Assessment Methodology uses the framework below:

For the risk and maturity ratings, we will use an industry-standard, risk-based methodology to determine residual risk exposure based on inherent risk and specific control effectiveness:

Low

A basic, undocumented, changing capability is in place with some technology and tools, limited local processes, and limited organizational support.

Defined

A defined capability is in place with significant technology and tools for some key resources and people; processes defined for some regions and/or business units; and organizational guidance is in place for some key regions and/or business units.

Advanced

An advanced capability is in place with leading-edge technology and tools for all key resources and people, consistent processes across regions and business units, and effective governance in place (accountability/responsibility/continual monitoring for improvement).

Partial

A partial capability is in place with a combination of some technology and tools; local processes covering some regions/business units, or processes that are repeatable but may not be good practice or maintained; and limited organizational arrangements to support good practice.

Mature

A mature capability is in place with advanced technology and tools for some key resources and people, consistent processes exist for some regions and/or business units, and some governance is in place (accountability/responsibility/metrics) for some key regions and/or business units.