The question-based assessment is typically done to give a snapshot review of the current state of an environment and includes personnel and their functions within the IT and cyber security team. The question-based assessment also determines whether governance is in place, as well as whether policies are established surrounding the controls in the network environment. Because ESI fundamentally assesses with an understanding that all domains (IT, OT, PS) are in scope, our questions are structured to be answered by all three silos. The results of the INFOSEC assessment give cursory guidance and a roadmap but do not go into the details that a converged gap assessment or risk assessment would offer. However, if you just became the new CIO or IT director, then this assessment sure gives you a clear understanding of which issues you have to deal with first.
Information Security Assessments are typically done to evaluate the current state of a network and the infrastructure of cyber security tied to business processes. It is fundamentally tied to your INFOSEC team, which is typically headed by an IT Director or CIO (Chief Information Officer). The methodology of the INFOSEC assessment ties to doing an internal and external vulnerability assessment to define and a network architecture review. This also applies to an understanding of general compliance requirements.