Security Assessment using :: (DAF-S)
Assessment Objectives: DSF© provides a set of maturity metrics for each of the disciplines. They articulate the objectives an assessment should examine when assessing practices in a specific discipline. Each of the parameters is elaborated as expectations and capabilities that an organization should deliver in order to improve its maturity in the discipline. The assessment objectives and their elaboration provide broad guidelines and directions for conducting the assessment. The auditor or assessor should take careful note of the objectives outlined at the start of each discipline.
Assessment Areas: Each discipline organizes the assessment questionnaire into 4 to 5 assessment areas. These areas represent the competences that an organization needs to enhance to improve its maturity. From the perspective of assessment, an organization's performance in a specific discipline can be derived by evaluating its performance in these areas. Secondly, these areas may become measurement parameters in a measurement scheme that may evolve around (DAF-S)©. The total of 71 competence areas across the 16 disciplines will help an organization provide a high-level picture of the state of security, with an opportunity to drill down to specific competence areas.
Assessment Questionnaire: (DAF-S)© provides a detailed evaluation questionnaire for each of the disciplines, organized under the assessment areas. The assessment questionnaire provides the aspects, dimensions, and characteristics that need to be evaluated in judging competence in a specific discipline. To satisfy the objective behind a specific question, an auditor should adopt various methods, such as developing information filing forms, conducting interviews to understand the dimensions and perspectives, making field visits for observation and evidence collection, and conducting a technical assessment if required.
The objectives, areas and questionnaire provided by (DAF-S)© can serve the purpose of self-assessment, provided that the person doing the assessment is familiar with all perspectives, dimensions and aspects of conducting the assessment. Additionally, DSCI will empanel assessors for conducting the assessment, and organizations may avail themselves of the services of these assessors to perform third-party assessments. The assessors will be extensively trained and certified by DSCI to allow them to perform third-party audits. Organizations that intend to conduct self-assessment may like to train and certify their resources to carry out the discipline-specific assessment. DSCI will make specific arrangements for managing assessment requests. This will entail managing the assessment requests, working with empaneled auditors, managing the assessment reports and results, etc.