Often termed “ethical hacking,” this is a service provided to ensure that even the bad guys can’t get to your systems.
Vulnerability assessments should be an integral part of a mature, proactive security program. Organizational changes – such as the implementation of a new system or an update to an existing application – often introduce new vulnerabilities into the organization. Periodic vulnerability testing can ensure you always have visibility into the security threats facing your organization. It is also a required component of common compliance mandates.
Areas of Assessment
Our team assesses the culture, organization, policies, and procedures that provide for IT management and control across five key areas: alignment of IT strategy and business/operational requirements, resource management, value delivery, risk management, and performance measurement.
Using industry benchmarks, we assess the IT department and the suitability of staffing levels, skills, and the balance of workforce to workload by IT tier. In addition, we can evaluate IT training programs, IT management structure, and compensation levels to ensure your organization is achieving maximum efficiency, employee satisfaction, and employee retention.
SECURITY AND CONTINUITY
Our practitioners assess all aspects of IT security, including development standards, data security, configuration management, threat and vulnerability management, incident response, security awareness training, data classifications, and vendor due diligence.
We perform a critical analysis of key applications to determine the effectiveness, business value, lifespan, reliability, and end user satisfaction of each application. During the analysis, we place each application into one of four categories: tolerate, invest, migrate, or eliminate.
Our team evaluates the security and suitability of all elements of your internal IT environment, including the architecture and configurations of firewalls, servers and databases, wireless networks, and bring-your-own-device policies.
Vulnerability Assessment Methodology
Missing security service packs
Buffer and heap overflows
Local and remotely exploitable vulnerabilities
Conditions leading to denial of service attacks
Backdoors and trojans
The presence of rootkits or network hacking tools
Firmware vulnerabilities for networked devices