IT infrastructure security design review starts from penetration testing and interview sessions with appropriate staff. This provides with a basic familiarity of organization's methods, structure, overall network components, and the network / security structure in place. Further studies will be conducted to identify:

 

- The key factors affecting security and compliance;

- Enable effective compliance, implementation and enforcement;

- Reference or conform to established standards;

- Provide clear and comprehensive guidance;

- Define and communicate roles, responsibilities, authorities, and accountabilities for all

   individuals and organizations that interface with critical systems.

 

The knowledge-base of best practices will be utilized to define where systems deviate from this desired result and organize systems into high, medium, and low value. This definition will serve as a basis to organize all findings into high, medium, and low risk. A high risk in a low value system must be differentiated from a high risk in a high value system. This further refinement will assist client organization in assigning priorities to remediation efforts.