Information Security Assurance
Training and Rating Program
Please keep your contact information current.
Please contact isatrp (at) isatrp.org if you feel your information needs updating.
Information Security Assurance is a high-level review of the Information System Security posture of operational system(s) for the purpose of identifying potential vulnerabilities. Once identified, recommendations are provided for the elimination or mitigation of the vulnerability.
An Information Security Assessment is the first step in the vulnerability discovery triad. It provides the initial, organizational wide information security analysis, which provides invaluable information for risk management decisions such as the implementation of countermeasures and the focus of further information security analysis.
The Information Security Assessment is a three-phased process that will assist the customer to define missions, identify the criticality impacts to the information necessary to support those missions, identify potential vulnerabilities, and provide recommended countermeasures. The analysis is accomplished through the review of documentation (e.g., policies and procedures), interview with all levels of organization personnel, system demonstrations, and techncial evaluation (scanning).