SecureState has developed a rigorous approach to identify critical business processes through interviews, observation, and validation.
The majority of fieldwork will involve interviewing various application or business process ‘owners’ (including executives, project managers, team leads, and supporting personnel) to document areas of control weakness. Since a number of infrastructure/process components can be used to support a particular application, SecureState will need to interview and observe each functional area. SecureState will corroborate the documented controls by asking leading questions. Please note that hands-on analysis will be conducted during the Validation and Testing phase.
SecureState will document the point of presence for each application, including supporting infrastructure, input and output flows, and communications used. This will enable SecureState to get an overall view of potential control impact areas. SecureState will build a Visio diagram that can be used by your organization for knowledge transfer and to gain a quick, high-level understanding of the various components used to support that process.
With this understanding, SecureState will develop a Control Matrix that outlines potential control weaknesses. This matrix will include the potential impact, risk, timeframe, and resources needed to complete each item, along with recommended countermeasures, and will document where they impact the business process flow.
SecureState will document potential areas where additional validation and testing might be required. Typically, systems impacting business processes that handle sensitive or critical data will require additional testing and validation, depending on the type of data or process. Performing validation and testing for various application components increases the scope and changes the deliverable output. Therefore, SecureState recommends prioritizing all validation and testing services for each application before performing specific tests. The cost is TBD, based on the flow of the applications.