Assessment
Independent assessment, sometimes called "third-party
review," is one of the cornerstones of security. It provides a
measurement for your development efforts, giving management feedback
as to the health of the product or service. It can also serve as an
effective means of proof to your customers that your product does what
you claim.
Evaluation
The Common Criteria for Information Technology Security
Evaluation (CC) program and the Cryptographic Module Validation (CMV)
Program provide government-approved security assessments. A successful
certification demonstrates that security features have been designed,
constructed, and tested in a reasonable manner. These evaluations go
a long way toward supporting your claims of security when selling the product.
However, evaluations are not accomplished without a major investment.
KBS can provide you with a benefit analysis, help you prepare for an
evaluation, and manage the evaluation process.
Audit
Operational security is often validated through audits.
Popular security audits that have a controls analysis structure similar
to financial audits are SAS 70 and ISO 17799. Other useful
audits validate the readiness of Business Continuity or Disaster Recovery
Plans. Finally, KBS can help you develop a custom audit to focus on
security issues. KBS can help you determine what type of audit is appropriate,
help you prepare for an audit, or perform an audit against predetermined
criteria.
Security Health Check
Multiple security products can be integrated to provide
the security functionality you need. Unfortunately, integration leaves
the architect responsible for the interaction and the validation of
the system. Through the assessment processes listed above, KBS can help
you formulate a security health check of the system. As the configuration
of your system changes to accommodate routine maintenance or new requirements,
your integrated security system can be re-evaluated to determine whether the
products are configured and operating correctly or whether adjustments
are needed.