DSCI Assessment Framework - Security (DAF-S)

Security as a subject and organizational function has been expanding its scope and reach, which DSF© articulates in 16 distinct disciplines. The maturity of each discipline is becoming important for effectively delivering the objectives of security. The ever-increasing complexity of the underlying infrastructure, the extending nature of the business ecosystem, the growing pace of adopting new technology solutions, and innovative ways of connecting to and accessing IT assets are increasingly exposing organizations to evolving, advanced, persistent and targeted security threats. Managing the affairs of security is becoming more daunting, demanding and granular. A weakness, lacuna or deficiency in one area may lead to catastrophic damage to the organization’s security. So the maturity of security in each of the disciplines is becoming important for the overall maturity of security. Secondly, competence in specific disciplines such as application security, threat and vulnerability management, monitoring & incident management, and data security is becoming critical to the performance of security in delivering a swift response to security threats and protecting critical information assets. Assessing these disciplines for their competence, role, efforts, and performance would provide critical insight into an organization’s capability of delivering on the desired security expectations. The DSCI Assessment Framework for Security (DAF-S)© is developed on the premise of a discipline-based approach to security.

Discipline-specific security assessment solves many problems and challenges associated with the assessment of security. Many contemporary methods fail on three counts: the ability to reach the realities of security; relevancy to the evolution of the subject, its challenges and trends; and the dynamism to incorporate or reflect changes and evolutions. The DSCI Assessment Framework – Security focuses on bringing Reality, Relevance and Dynamism to security assessments.

    • Reach to the granularity of practices
    • Reveal deficiencies at architectural and technology competence level
    • Detect gaps in the coverage of the programs and initiatives
    • Identify gaps in the arrangements set up for integrating capabilities
    • Discover issues in the process design
    • Find inefficiency of operational elements
    • Focus on contemporary approaches, technical evolutions, and trends associated with a specific discipline
    • Compile strategic options, tactical steps & operational practices evolving around the discipline, and benchmarking the organizational practices against them
    • Derive methods of evaluating and benchmarking organizational practices
    • Build continuously improving knowledge base around DSF©
    • Introduce the modular and adaptive approach for assessment to incorporate changes
    • Enhance competence of assessors and auditors through continual skills and knowledge improvements
    • Establish a collaboration mechanism for sharing of knowledge, learning & experiences

Security Assessment using (DAF-S)

Assessment Objectives:
DSF© provides a set of maturity metrics for each of the disciplines. They articulate the objectives an assessment should look at while assessing practices in a specific discipline. Each of the parameters is elaborated as expectations and capabilities that an organization should deliver in order to improve its maturity in the discipline. The assessment objectives and their respective elaboration provide broad guidelines and directions for conducting the assessment. The auditor or assessor should take careful note of the objectives outlined at the start of each discipline.

Assessment Areas:
Each discipline organizes the assessment questionnaire in 4 to 5 assessment areas. These areas resemble the competence that an organization needs to enhance to improve its maturity. From the perspective of assessment, an organization’s performance in a specific discipline can be derived by evaluating its performance in these areas. Secondly, these areas may become measurement parameters in a measurement scheme that may evolve around (DAF-S)©. The total of 71 competence areas in the 16 disciplines will help an organization provide a high-level picture of the state of security, with an opportunity to drill down to a specific competence area.

Assessment Questionnaire:
(DAF-S)© provides a detailed evaluation questionnaire for each of the disciplines, organized under the assessment areas. The assessment questionnaire provides the aspects, dimensions, and characteristics that need to be evaluated in judging competence in a specific discipline. To satisfy the objective behind a specific question, an auditor should adopt various methods, such as developing information filing forms, interviewing to understand the dimensions & perspectives, making field visits for observation and evidence collection, and conducting a technical assessment if required.

The objectives, areas and questionnaire provided by (DAF-S)© can serve the purpose of self-assessment, provided that the one doing the assessment is familiar with all perspectives, dimensions and aspects of conducting the assessment. Additionally, DSCI will empanel assessors for conducting the assessment, and organizations may avail themselves of the services of these assessors to perform third-party assessment. The assessors will be extensively trained and certified by DSCI to allow them to perform third-party audits. Organizations that intend to conduct self-assessment may like to train and certify their resources to carry out the discipline-specific assessment. DSCI will make specific arrangements for managing assessment requests. This will entail managing assessment requests, working with empaneled auditors, managing the assessment reports and results, etc.

For more information on the framework, mail us at: assessment@dsci.in