The Importance of a Security Assessment - by Michael Terra, Oracle
By Darin_Pendergraft_Oracle on Nov 01, 2013
Today's Blog was written by Michael Terra, who was the Subject Matter Expert for the recently announced Oracle Online Security Assessment.
You can take the Online Assessment here: Take the Online Assessment
Over the past decade, IT Security has become a recognized and respected Business discipline. Several factors have contributed to IT Security becoming a core business and organizational enabler including, but not limited to, increased external threats and increased regulatory pressure. Security is also viewed as a key enabler for strategic corporate activities such as mergers and acquisitions.
Now, the challenge for senior security professionals is to develop an ongoing dialogue within their organizations about the importance of information security and how it can impact their organization's strategic objectives/mission.
The importance of conducting regular “Security Assessments” across the IT and physical infrastructure has become increasingly important. Security standards and frameworks, such as the international standard ISO 27001, are increasingly being adopted by organizations and their business partners as proof of their security posture and “Security Assessments” are a great way to ensure a continued alignment to these frameworks.
Oracle offers a number of different security assessment covering a broad range of technologies. Some of these are short engagements conducted for free with our strategic customers and partners. Others are longer term paid engagements delivered by Oracle Consulting Services or one of our partners. The goal of a security assessment, (also known as a security audit or security review), is to ensure that necessary security controls are integrated into the design and implementation of a project, application or technology. A properly completed security assessment should provide documentation outlining any security gaps that exist in an infrastructure and the associated risks for those gaps. With that knowledge, an organization can choose to either mitigate, transfer, avoid or accept the risk.
One example of an Oracle offering is a Security Readiness Assessment:
The Oracle Security Readiness Assessment is a practical security architecture review focused on aligning an organization’s enterprise security architecture to their business principals and strategic objectives. The service will establish a multi-phase security architecture roadmap focused on supporting new and existing business initiatives.
The Security Readiness Assessment will:
- Define an organization’s current security posture and provide a roadmap to a desired future state architecture by mapping security solutions to business goals
- Incorporate commonly accepted security architecture concepts to streamline an organization’s security vision from strategy to implementation
- Define the people, process and technology implications of the desired future state architecture
- The objective is to deliver cohesive, best practice security architectures spanning multiple domains that are unique and specific to the context of your organization.
The Oracle Security Readiness Assessment is a multi-stage process with a dedicated Oracle Security team supporting your organization. During the course of this free engagement, the team will focus on the following:
- Review your current business operating model and supporting IT security structures and processes
- Partner with your organization to establish a future state security architecture leveraging Oracle’s reference architectures, capability maps, and best practices
- Provide guidance and recommendations on governance practices for the rollout and adoption of your future state security architecture
- Create an initial business case for the adoption of the future state security architecture
If you are interested in finding out more, ask your Sales Consultant or Account Manager for details.