Data Analysis

Objective: To study and analyse the information collected in the previous phases according to best practices, standards, methodologies, knowledge and experience of the evaluation team.

The general and technical information collected in the previous sections is now systematically analysed to reveal possible deficiencies of information security in products, network design, accesses to information, processes and other aspects. The tools to carry out the analysis encompass codes of good practice, methodologies, standards (like ISO 27001), laws, regulations, as well as existing knowledge bases about the different systems or products analysed, and of course the expertise and knowledge of the evaluation team in charge of the project.

This expertise and knowledge of the evaluation team is a critical asset. The team's task is to identify vulnerabilities, concept failures, and weaknesses in technical designs and processes within the organization, which requires extensive knowledge and experience in the fields under analysis.

This analysis is the previous step to the State of Enterprise Information Security Report (SEIS Report). As can be seen in the next point, it develops all the findings and recommendations product of the analysis.