This results in an integrated, extensible plan and architecture for security driven by identified requirements.

Requirements Assessment
ICA works with an organisation to define their requirements for security. We examine the types of users requiring access along with the systems and applications they require access to. Requirements are gathered using a number of techniques, including:

	• Review of existing applications and systems and their access controls,
	• Review of administrative and management procedures related to security,
	• Review of boundary protection mechanisms
	• Interviews with key stakeholders to determine future requirements and to define architecture selection criteria

The requirements document forms the first part of our report.

Architecture Development

The security architecture is developed within ICA’s standard security framework. This ensures a comprehensive approach is taken to the planning. Required components are identified within each layer of the architecture and for each of these:

	• An overview of the component and the current situation is documented
	• Solution options are assessed and a preferred option is recommended
	• Implementation considerations are identified

Planning
A 2-3 year investment plan is developed for implementation of the security architecture. This plan contains:

	• Identification of the projects required with a one page description of each of them
	• Indicative estimates of the effort, duration and budget required for each project
	• A schedule of these projects showing major dependencies between them

Timing
An ICA Security Planning project is designed to deliver value quickly to our customers. A project will typically take between 4 and 6 weeks to complete, depending on the complexity of the environment.