Technology Assessment Approach & Framework
September 2019
Version 2.2
Mark S Mahre
Director, Business Technology Consulting Services
Aprio
Five Concourse Parkway,
Suite #1000
Atlanta, GA 30328
Assessment Approach & Framework
Technology Current State
• Perform an IT Assessment with the following focus areas
o GAP Analysis across the technology component with a focus on the current managed services
o Evaluate current security vulnerabilities and threats
▪ Discovery and Vulnerability Identification
▪ Vulnerability verification and exploration - Penetration Testing
▪ Root-Cause Analysis and Recommendation Roadmap
o Assessment across enterprise – Current State compute, application stack, disaster recovery and go forward roadmap
o Recommendations for new support structure and MSP solution (for moving forward)
• IT Governance – Change management, compliance requirements, SLAs across providers and customers
• KPIs and Reporting relating to the assessment topics (how do we measure)
During this assessment, Aprio will evaluate a comprehensive risk management strategy to identify existing and potential risks and assess how to
mitigate them if they arise. Risk identification, measurement, mitigation, reporting and monitoring, and remediation are vital elements of an
effective and comprehensive risk management system.
With this assessment focused on technology, infrastructure, and managed services, Aprio will also perform a comprehensive security
assessment within the network, covering the following perceived profile: IP addresses, locations, firewalls and subnets. During the security
assessment we will include Nessus scanning, ACL interpretation, firmware interrogation and base-level penetration testing in our overall security
evaluation of the computing environment.
Our team is compliant with NIST SP 800-53 for firmware scanning – given the mission-critical nature of the project, adherence to NIST standards is
of paramount concern. We will calculate risk based upon the NIST Risk Equation, and our tool-based data collection process will decrease the
time required to accomplish a basic scan and the overall project duration.
Assessment Report
• Areas of Assessment Environment
• Current-State Analysis based on onsite observations, management interviews and workshop sessions
• Gap Analysis, Findings, and Recommendations
• Technology, Security & Infrastructure Remediations or Process Improvements
• Risk Avoidance and Risk Mitigation Recommendations
• Roadmap and Project Plans for Innovation, People, Process and Technology Recommendations
There are many aspects, components and dependencies to consider when designing and improving a comprehensive technology environment for passing
audits or compliance readiness. The above framework was created back in 2015, revised in 2017 and improved again in January 2019 to help leadership,
stakeholders and technology management teams understand the breadth of the 'current-state' environment and then help articulate the many moving
targets and critical controls requirements for 'future-state' planning, budgeting, executing, testing, operations hand-off, monitoring and sustainability.