The specific approach will depend on the scope of the assessment, and the objectives of the organisation, but will generally require close interaction with the client, and a detailed understanding of the business goals.
A review may include, but is generally not limited to, the following:
- Understanding of technical and business goals.
- Assessment of vulnerabilities and risks relevant to the assessment scope.
- Review of technical component configuration, for example build reviews.
- Recommendations based on industry best practice, and identified opportunities to improve efficiency and effectiveness.