Text Size

  • Increase
  • Decrease
  • Normal

Current Size: 100%

Technical Security Assessment

Department: 
Naitonal Information Assurance
Reference Code: 
CS-GA-02
Target Audience: 
Government agencies
Objective: 
Maintain resiliency in government agencies by evaluating the security posture in information systems.
Description: 

Government ICT Mission Assurance will provide technical security assessment for government agencies based on Q-CERT engagement policy. This assessment will help to identify, validate, and assess technical vulnerabilities and assist organizations in understanding and improving the security posture of their systems and networks. It will provide complete vulnerability assessment including on-site visits, interviews, documents review and analysis, information gathering, vulnerability identification, verification and reporting. Q-CERT will provide technical recommendations and advisories based on the assessment, where applying them would be under the organization’s responsibilities.

Requirements: 
Signing Non-Disclosure Agreement (NDA). Cooperation and Information sharing with the State Agency is required. The State Agency shall provide Q-CERT with related information and technical documents including logs, network architecture and topology, system configuration files and any related technical information to be reviewed and analyzed. Official approval from Government agency’s management is a mandatory to start executing this service. Government Agency shall understand and accept the risks and business impacts that might be incurred during this exercise. This information will be shared with the agency prior the executing this service
Deliverables: 
Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators). Reports include findings and recommendations. Follow-up activities to assist implementing the recommendations and mitigating the risks.