Security Assessments take into account the processes, procedures and guidelines that govern your company. These are usually driven by regulations, auditors or sometimes a little pro-active curiosity. Below are some of the Security Assessments we offer:
Physical Security Assessments
Similar to our Physical Security Penetration Testing package, we will assess your physical security controls and review with you how they can be improved. (This offering differs from the Physical Security Penetration test in that we will only assess and not actively try to circumvent any controls).
Internal Technical Security Assessment
Internal Networks are assumed to be 'trusted'. Since they often reside inside the protections of the network, they are thought to be some of the most secure environments. However this is rarely the case, as data is typically not encrypted and sensitive information is commonly found on servers forgotten long ago. With our Internal Technical Security Assessment package, we can be on site (or through a secure VPN) assessing the controls of your internal network. This perspective would give you an overview of what a regular or disgruntled employee/vendor/consultant would see if they were to plug into your internal environment. (This offering differs from our Internal Network testing package as we will only assess and not actively exploit).
Network Security Architecture Review
Designing a secure network is no easy task. There are many caveats, pitfalls and oversights that can cloud even the best architect's vision. We can review or revise your existing security architecture or help you create a new one.
Virtual Environment Security Assessment
Virtual Infrastructure has the advantage of being extremely flexible in terms of server deployment and manageability. Despite that, the same security issues that plague physical servers still apply here as well as a whole set of new ones. Virtual machine malware, Hypervisor exploit jumps and resource stealing are just some of the new tricks the bad guys have up their sleeve. With our Virtual Environment Security Assessment, we can scan your virtual infrastructure and report on vulnerabilities and how you can mitigate them.
Source Code Review
Like dialects of the world, computer programing languages are plentiful. Some people are fluent while others can barely understand a single word. Our Source Code Review service can help you remedy application errors, security faults and even help you understand an older piece of inherited, legacy software.
Policy and Control Testing
Security policy is only as good as the paper it's printed on unless it's tested frequently. Security controls for public companies are numerous and often misunderstood. We can help you review or revise your existing policies and controls or help you create new ones. Policies and regulations typically include:
HIPAA, HITECH, NIST, SOX, GLBA, ISO27000, PCI