Security Assessments: A full picture approach to assessing how effective our access controls are,
they have a very broad scope. We would not look at KPIs. Security assessments often span multiple
areas, and can use some or all of these components: Policies, procedures, and other administrative
controls. Assessing the real world-effectiveness of administrative controls. Change management.
Architectural review. Penetration tests. Vulnerability assessments. Security audits.