There are many aspects, components and dependencies to consider when designing and improving a comprehensive technology environment for passing audits or compliance readiness. This framework was created by Mark Mahre back in 2015, revised in 2017 and improved again in January 2019 to help our clients' leadership, stakeholders and technology management teams understand the breadth of the 'current-state' environment and then help articulate the many moving targets and critical controls requirements for 'future-state' planning, budgeting, executing, testing, operations hand-off, monitoring and sustainability.
Technology Assessment Framework
1. Technology Assessment Approach & Framework
September 2019
Version 2.2
Mark S Mahre
Director, Business Technology Consulting Services
Aprio
Five Concourse Parkway,
Suite #1000
Atlanta, GA 30328
2. Assessment Approach & Framework
Technology Current State
• Perform an IT Assessment with the following focus areas
o Gap Analysis across the technology components with a focus on the current managed services
o Evaluate current security vulnerabilities and threats
▪ Discovery and Vulnerability Identification
▪ Vulnerability verification and exploration - Penetration Testing
▪ Root-Cause Analysis and Recommendation Roadmap
o Assessment across the enterprise – Current State compute, application stack, disaster recovery and go-forward roadmap
o Recommendations for new support structure and MSP solution (for moving forward)
• IT Governance – Change management, compliance requirements, SLAs across providers and customers
• KPIs and Reporting relating to the assessment topics (how do we measure)
During this assessment, Aprio will evaluate a comprehensive risk management strategy to identify existing and potential risks and assess how to mitigate them if they arise. Risk identification, measurement, mitigation, reporting and monitoring, and remediation are vital elements for having an effective and comprehensive risk management system in place.
With this assessment focused on technology, infrastructure, and managed services, Aprio will also perform a comprehensive security assessment within the network consisting of the following perceived profile: IP address, location firewalls and subnets. During the security assessment we will include Nessus, ACL interpretation, firmware interrogation and base-level penetration testing in our overall security evaluation of the computing environment.
Our team is compliant with NIST 800-53 for firmware scanning. Given the mission-critical nature of the project, adherence to NIST standards is of paramount concern. We will calculate risk based upon the NIST Risk Equation, and our tool-based data collection process will decrease the time required to accomplish a basic scan and the overall project duration.
Assessment Report
• Areas of Assessment Environment
• Current-State Analysis based on onsite observations, management interviews and workshop sessions
• Gap Analysis, Findings, and Recommendations
• Technology, Security & Infrastructure Remediations or Process Improvements
• Risk Avoidance and Risk Mitigation Recommendations
• Roadmap and Project Plans for Innovation, People, Process and Technology Recommendations
3. There are many aspects, components and dependencies to consider when designing and improving a comprehensive technology environment for passing
audits or compliance readiness. The above framework was created back in 2015, revised in 2017 and improved again in January 2019 to help leadership,
stakeholders and technology management teams understand the breadth of the 'current-state' environment and then help articulate the many moving
targets and critical controls requirements for 'future-state' planning, budgeting, executing, testing, operations hand-off, monitoring and sustainability.