The Federal System’s Need for a Security Assessment Process, Part 2: Categories of Security Assessments
Security assessments can fall into many categories and an organization’s core competency often dictates which ones management is more interested in conducting. For example, an organization that has an external presence may be very interested in how they appear to the outside world and how well they are protecting their internal resources from external entities trying to harm them. Whereas, another governmental institution maybe more concerned with their internal security posture and controls as compared to how they appear to the outside world. They may have a pressing need to verify internal access control, password compliance and proper network segmentation as opposed to what protocols are accessible from the public network. The actual type of assessment performed usually depends on the organization’s mission as well as their overall security need.
