Owners and custodians of information and IT systems can request to have a security evaluation performed by Information Technology. This is of particular value for new services and projects. Systems with sensitive or confidential data are important to review given the risk and impact of possible security threats. The Security Architect will identify vulnerabilities, evaluate the risks, and recommend a mitigation plan. The objective is to ensure the security risks are considered during the process of project implementation and development. Depending on the nature of the work required, the scope and depth of the review will vary and may include:
- Security analysis – identifies high-level threats
- Vulnerability assessment – identifies the security holes in the system or infrastructure
- Threat and risk assessment – provides recommendations to maximize the protection of confidentiality, integrity, and availability.