  Client’s Perspective
    Internal Employees
    Third-Party Consultants
Kickoff Meeting
Develop Project Plan
Set Client Expectations
  Understanding the Meaning of a Security Assessment
  Key Communications
    Status Meetings
    Deliverable Template
Executive Summary
  Defining Scope
  Staffing
  Kickoff Meeting
  Develop Project Plan
  Set Client Expectations
Notes

Chapter 5
Initial Information Gathering
Benefits of Initial Preparation
  Credibility with the Customer
  Ability to Ask the Right Questions
Gather Publicly Available Information
Where Is This Information Found?
  Company Web Site
    General Company News
    Operations-Related Information
    Planned Initiatives
    Management Team
    Financial Information
    Web-Based Offerings
    Sense of Dependency on the Web Presence
  Financial Statements
    Form 10K — Annual Report
    Form 10Q — Quarterly Report
    Form 8K — Report of Unscheduled Material Events
  Trade Journals
  Other Articles on the Internet
Gather Information from the Client
Analyze Gathered Information
Prepare Initial Question Sets
  Business Process–Related Questions
    Significant Business Processes and Supporting Technologies
    Integration Points with Other Departments
    Past Security Incidents