The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business.A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks.