Technical Security Assessment
What is a Technical Security Assessment?
A Technical Security Assessment (TSA), also known as a Security Audit, is simply a study of an organization’s IT systems to determine whether the system has any weaknesses. The study looks at both the system itself and the actual use by staff. A TSA is the first step in ensuring an organization has a secure system, safe from unauthorized use, robust in its defenses, strong in its user policies, and yet minimally intrusive when actually being used. Organizations may perform a TSA as a single project. However, performing the TSA regularly as part of an organization’s routine IT activities is the best practice. IT professionals should perform a TSA at a minimum whenever adding new hardware models, software applications, or operating systems to an existing IT environment. ETTE also recommends an audit when manufacturers publish technological changes to the cloud or network systems. ETTE, with the cooperation of our client organization, performs a comprehensive, 20-point assessment corresponding to the well-known SANS 20 Critical Security Controls (CSC), an industry standard now in its 7th update. Our evaluation of control areas includes: