IT Assessment Glossary

Key terms from the world of IT assessments and maturity models - clearly explained.

A

Assessment

Assessment

A structured evaluation where a subject (e.g., IT infrastructure, security measures, processes) is systematically analyzed and rated against defined criteria. The goal is to capture the current state and derive actionable recommendations.

B

Backup & Disaster Recovery (BDR)

Infrastructure

Strategies and technologies for data backup and recovery in case of disaster. A BDR assessment evaluates backup processes, recovery objectives (RTO for recovery time, RPO for tolerable data loss), and resilience against data loss.

Benchmark

Assessment

A reference value or comparison standard that serves as orientation for evaluation. Benchmarks can be industry-specific and help position your own IT maturity relative to best practices or competitors.

C

Catalog

Assessment

A structured collection of evaluation criteria, categories, and questions that serves as a template for an assessment. A catalog defines which areas are evaluated and which questions are asked.

Cloud Readiness

Infrastructure

The assessment of how ready an organization is for cloud migration. Considers technical, organizational, and financial aspects as well as the compatibility of existing applications and processes.

Cloud Security

Security

The totality of all measures, technologies, and policies for protecting data, applications, and infrastructure in cloud environments. Covers areas such as access control, encryption, network security, and compliance.

CMMI®

Maturity

Capability Maturity Model Integration - a widely used maturity model for assessing and improving business processes. Defines five maturity levels from "Initial" to "Optimizing".

Compliance

Compliance

Adherence to legal regulations, regulatory requirements, and internal policies in the IT domain. Compliance assessments verify whether organizations meet applicable standards and laws (e.g., GDPR, NIS2).

E

Endpoint Security

Security

Security measures to protect endpoints such as laptops, smartphones, and servers from threats. Includes antivirus, EDR (Endpoint Detection and Response), disk encryption, and patch management.

G

Gap Analysis

Assessment

The comparison between the current state and a defined target state. In the IT assessment context, gap analysis reveals which areas have improvement potential and where action is needed.

I

Identity & Access Management (IAM)

Security

Processes and technologies for managing digital identities and their access rights. IAM ensures that only authorized individuals can access the right resources.

ISO 27001

Compliance

The international standard for Information Security Management Systems (ISMS). Defines requirements for establishing, implementing, maintaining, and continuously improving an ISMS.

IT Audit

Compliance

A formal review of an organization's IT systems, processes, and controls. Unlike an assessment, an audit focuses more strongly on compliance with defined standards and guidelines.

K

Key Performance Indicator (KPI)

Management

Measurable metrics that quantify success or progress in a specific area. In the IT assessment context, KPIs help track maturity over time and demonstrate improvements.

M

Managed Service Provider (MSP)

Management

An IT service provider that proactively manages and monitors its clients' IT infrastructure and systems. MSPs use assessments to evaluate the state of client IT and identify optimization potential.

Maturity Level

Maturity

The current development stage of an assessed area within a maturity model. Typical levels are: 1 (Not Present), 2 (Initial), 3 (Repeatable), 4 (Defined), 5 (Optimized).

Maturity Model

Maturity

A framework that defines various development stages (typically 1-5) to measure the maturity of processes, technologies, or organizations. Each level describes clearly defined capabilities and characteristics.

N

Network Segmentation

Infrastructure

The division of a network into smaller, isolated areas (segments). Limits the spread of security incidents and enables granular access controls between segments.

NIS2 Directive

Compliance

The EU directive on measures for a high common level of cybersecurity. It obliges companies in critical sectors to implement comprehensive security measures, incident reporting obligations, and regular risk assessments.

P

Patch Management

Infrastructure

The structured process for identifying, evaluating, distributing, and verifying software updates and security patches. Mature patch management reduces vulnerabilities and improves system stability.

R

Remediation

Management

The implementation of corrective measures to address identified vulnerabilities or gaps. Remediation plans typically result from an assessment and prioritize actions by urgency.

Risk Assessment

Management

The systematic identification, analysis, and evaluation of risks to IT infrastructure. Considers probability of occurrence and potential impact to prioritize risk mitigation measures.

S

Scoring

Assessment

The quantitative evaluation of an assessment through point allocation. Scoring can be weighted, with different categories or questions assigned different importance so that the overall result reflects their relative priority.

Service Level Agreement (SLA)

Management

A contractual agreement between service provider and customer that defines the quality, availability, and responsibilities of an IT service. SLAs contain measurable metrics such as availability (e.g., 99.9%) and response times.

V

Vulnerability Assessment

Security

A systematic review of IT systems for known vulnerabilities and security gaps. Identifies risks and prioritizes them by severity to enable targeted countermeasures.

Z

Zero Trust

Security

A security model that fundamentally trusts no user, device, or network - neither inside nor outside the corporate perimeter. Every access is verified and authorized before it is granted.
