IT Security Assessment

Performing an IT security assessment should be an important part of every businesses IT strategy. Carrying out a Metaphor IT risk assessment will help you understand the key risks facing your business and decide which threats you need to mitigate against. Our team will assess the completeness of your IT security, focusing on potential vulnerabilities and their impact specific to your organisation and vertical.

Our assessment is broken down into five sections:

1. The Business
Our initial approach to security is understanding your business as a whole. Our consultants will work with your organisation to understand what regulations you need to adhere to, which of your assets are most valuable, what information is sensitive and ascertain the consequences of a security breach. We will use this information to make sure you have the right technology, resources and processes to protect you.

  • Compliance & Regulation
  • Data Classification
  • Potential impact of breach
  • Known weaknesses and previous attacks
  • Current security strategy and procedures

2. The Technology
Once we have obtained an understanding of the business we will turn to technology. We will analyse your existing security solutions as well as carry out a gap analysis covering every element of security.

  • Gap Analysis: Determine the areas of security where there is inadequate protection.
  • Existing Technology: Analyse if your existing technologies are deployed optimally.

We will recommend which areas need attention and our suggested remedial actions, whether this is introducing a new technology, service or process or simply enhancing what is already in place. Importantly, we will prioritise our recommendations based on their importance relative to the assets they protect and the potential impact on your organisation.

IT Security Assessment

3 + 3 = ?

3. Assessment Coverage
During our assessment we will analyse your organisations security in the following key areas:

4. Process & Execution
Metaphor IT continues to emphasise the importance of our client’s ability to constantly manage their security estate. We have seen many clients invest in proven technology yet still suffer security breaches. Almost without exception, this is due to the lack of management of security events and logs. As part of our assessment, we will determine your organisation’s ability to process the events from every security component that has been deployed, understand its relevance, and respond to threats in an appropriate time frame. We will also look into the following:

  • Review the processes in place to detect a threat, respond to it and neutralise the impact.
  • Assess the resources at your disposal; have you got adequate bandwidth and skills?

5. Report

Our findings will be presented in a thorough report, documenting areas of concern and suggested remedial actions.