
Security assessment


Security assessment is a thorough study done mainly to identify IT-related threats and risks.


What is security assessment? What are the different stages involved in it?

Security assessment has different stages, viz. discovery stage, vulnerability scan, assessment, security assessment, penetration stage, security audit and security review stage. Security assessment is a thorough study done mainly to identify IT-related threats and risks. The full support of the organization being assessed is required for an explicit study: the organization should allow the assessor access to its network, facilities, etc.

An assessment is done to assess the working of the present security system and to make improvements, if any. Amongst all the security tests, a security assessment test is the most useful test. Security assessment is also known as security audit or security review. It should make sure that all necessary security tools required to protect the system have been incorporated into the system. A security assessment goes through a number of stages to identify the risks and to analyze the situation.

1. Discovery stage: the services and systems under operation are identified. This process does not identify the weaknesses of the system, but may at times point out obsolete versions of software/firmware, which in turn may help identify potential vulnerabilities.

2. Vulnerability scan stage: it is meant to identify security issues. With the help of automated tools, it matches conditions with known vulnerabilities. Manual scanning or interpretation is not required, as the tool automatically sets the reported risk level.

3. Vulnerability assessment stage: it uses discovery and vulnerability scanning to identify security vulnerabilities and places the findings into the context of the environment under test.

4. Security assessment stage: the basis of this stage is vulnerability assessment. It adds manual verification in order to confirm exposure, but does not include exploiting vulnerabilities to gain further access. Security assessment can be done through authorized access in order to check system settings. It also examines logs, system responses, error messages, codes, etc.

5. Penetration test: it imitates an attack by a harmful person and exploits the present vulnerabilities in order to gain further access. This test may help us understand the potential of a person trying to hack confidential information or data. In comparison to the security assessment approach, which looks at the broader coverage, this stage goes to the origin of the attack.


6. Security audit: it is responsible for handling compliance issues. Due to its narrow scope, it is flexible enough to use any of the above-mentioned approaches, i.e. vulnerability assessment, security assessment, etc.

7. Security review: it makes sure that the product adheres to the internal security standards. This stage follows a gap analysis and also makes use of build/code reviews or design data and diagrams. This stage has no relation to the earlier approaches.
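To make the difference between stages 1 to 3 concrete, the following added example (not part of the original page) takes a discovery inventory, matches versions against known advisories as a scanner would, and then re-rates each finding in the context of the environment. All hosts, products, versions and advisory IDs are constructed placeholders, and the rule of raising or lowering risk by one level based on internet exposure is an assumption made for illustration.

```python
# Constructed data throughout: hosts, products, versions and advisory IDs are placeholders.
from dataclasses import dataclass

@dataclass
class Service:              # one row of the discovery-stage inventory (stage 1)
    host: str
    product: str
    version: tuple          # parsed version, e.g. (2, 4, 1)
    internet_facing: bool   # environment context, used only in stage 3

# Constructed advisory feed: product -> [(advisory id, first fixed version, scanner risk)]
ADVISORIES = {
    "example-httpd": [("EXAMPLE-0001", (2, 4, 10), "high")],
    "example-ftpd": [("EXAMPLE-0002", (1, 3, 0), "medium")],
}
LEVELS = ["low", "medium", "high", "critical"]

def scan(inventory):
    """Stage 2: match discovered versions to known advisories; risk comes from the feed."""
    findings = []
    for svc in inventory:
        for adv_id, fixed_in, risk in ADVISORIES.get(svc.product, []):
            # Tuple comparison: (2, 4, 1) < (2, 4, 10), whereas the strings
            # "2.4.1" and "2.4.10" would compare in the wrong order.
            if svc.version < fixed_in:
                findings.append({"service": svc, "advisory": adv_id, "risk": risk})
    return findings

def assess(findings):
    """Stage 3: place each finding in the context of the environment under test."""
    rated = []
    for f in findings:
        # Assumed rule: one level up if internet-facing, one level down otherwise.
        idx = LEVELS.index(f["risk"]) + (1 if f["service"].internet_facing else -1)
        idx = max(0, min(idx, len(LEVELS) - 1))
        rated.append({**f, "contextual_risk": LEVELS[idx]})
    return sorted(rated, key=lambda f: LEVELS.index(f["contextual_risk"]), reverse=True)

INVENTORY = [
    Service("web01.example.test", "example-httpd", (2, 4, 1), True),
    Service("web02.example.test", "example-httpd", (2, 4, 12), True),
    Service("files.example.test", "example-ftpd", (1, 2, 9), False),
]

def report(inventory=INVENTORY):
    return [(f["service"].host, f["advisory"], f["risk"], f["contextual_risk"])
            for f in assess(scan(inventory))]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The scanner's rating and the contextual rating differ for both findings, which is the information the vulnerability assessment stage adds on top of the raw scan.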

For more information on security assessment, visit: http://www.ivizsecurity.com/application-penetration.html