Business Process Evaluation

The third phase of the security assessment is the Business Process Evaluation, which marks the beginning of the substantive portion of the security assessment. Before going into the details of this phase, it is worth discussing the overall progression of information gathering that will take place beginning with this phase, why the process is important, and some of the reasons why the process may not go as smoothly as we would like. This is relevant because the business process evaluation phase is arguably the most critical phase of the security assessment. The work in this phase will drive the rest of the security assessment, including what technologies you review and how you classify the findings.