<Prev 1 2 3 4 Next>
Real Security Assessments start with a thorough understanding of your business and require knowledge of the entire operational environment; from business processes to policy mandated levels of trust. We could run a few tools and print out thick reports that made it look like we did a big job but we choose to perform a manual analysis and focus on the areas that matter the most to you. This allows us to return to you a report that is relevant to your organization and has value.
Clients who request this service are often trying to address these questions:
• How are we doing?
• Is my information secure?
• We have many issues, what do we fix first?
• Can I get a second set of eyes on my systems?
• We know we have many security controls in existence — are they also working effectively?
• How are we doing compared to similar companies and to best practices?
• Can I satisfy my IS/IT regulatory compliance requirements?
• Can I get a baseline security assessment to prioritize our risk and give recommendations for risk mitigation?
How does it work?
Our team travels to your location to do on-site data collection and analysis. Then we do additional work off-site to research specific issues regarding your infrastructure and document our findings and recommendations. We schedule projects so that we are typically on-site for less than a calendar week and we usually deliver reports within two weeks of commencing the on-site work.
What is the scope of an Internal Network Security Assessment?
• While each project is custom-scoped depending on your needs, a typical scope includes:
• Network Architecture and Segmentation
• Authentication and Access Control
• Firewall and Router Configuration
• Patch Management & Software Bugs
• System Configuration Settings and Hardening
• Confidential Data Handling
• Physical Security
• Spyware, Malware, Anti-Virus
• High Availability and Single Point of Failure Analysis
In addition to general IT Security Assessments, we also specialize in the following areas:
Massachusetts Privacy Law - 201 CMR 17 Compliance
Network Testing
Server Testing
Application Testing
Embedded Device Testing
Secure Network Architecture
<Prev 1 2 3 4 Next>
|
