The control objective is to ascertain whether adequate technical security controls have been implemented to secure the infrastructure, platforms hosting the critical Business application systems for the organisation.
The Assessment approach adopted starts with reviewing the network diagram/ topology/ network traffic profile and understand security devices deployed to protect organisations information assets.
Assess network topology and protocols
Assess the network - security devices like Firewall, Web Application firewall, UTM etc
Assess the network traffic profile
Carry out vulnerability scans and penetration test exercises
Evaluate blue team capability
Provide GAPs identified, and remediation advisory with implementation roadmap & prioritisation