- Develop information security assessment policy and roles
- Plan technical information security assessments
- Provide guidance on determining which systems to assess
- Address logistical considerations
- Develop assessment plan, and ensure legal and policy considerations are addressed.
- Execute technical information security assessment using the presented methods and techniques
- Respond to any incidents that may occur during the assessment.
- Appropriately handle technical data (collection, storage, transmission, and destruction) throughout the assessment process.
- Conduct analysis and reporting to translate technical findings into risk mitigation actions