shutterstock_540164989.jpg

Penetration Testing

Often termed as “ethical hacking,” is a service provided to ensure that even the bad guys can’t get to your systems.

Vulnerability assessments should be an integral part of a mature, proactive security program. Organizational changes – such as the implementation of a new system or update of an existing application – often introduce new vulnerabilities into organization. Periodic vulnerability testing can ensure you always have visibility into the security threats facing your organization. It is also a required component of common compliance mandates.

shutterstock_619615334.jpg

Areas of Assessment

IT GOVERNANCE

Our team assesses the culture, organization, policies, and procedures that provide for IT management and control across five key areas: alignment of IT strategy and business/operational requirements, resource management, value delivery, risk management, and performance measurement.

IT ORGANIZATION

Using industry benchmarks, we assess the IT department and the suitability of staffing levels, skills, and the balance of workforce to workload by IT tier. In addition, we can evaluate IT training programs, IT management structure, and compensation levels to ensure your organization is achieving maximum efficiency, employee satisfaction, and employee retention.

SECURITY AND CONTINUITY

Our practitioners assess all aspects of IT security, including development standards, data security, configuration management, threat and vulnerability management, incident response, security awareness training, data classifications, and vendor due diligence.

APPLICATION PORTFOLIO

We perform a critical analysis of key applications to determine the effectiveness, business value, lifespan, reliability, and end user satisfaction of each application. During the analysis, we categorize each application into four categories: tolerate, invest, migrate, or eliminate.

NETWORK INFRASTRUCTURE

Our team evaluates the security and suitability of all elements of your internal IT environment, including the architecture and configurations of firewalls, servers and databases, wireless networks, and bring-your-own-device policies.

shutterstock_515725240.jpg

Vulnerability Assessment Methodology

Missing security service packs

Buffer and heap overflows

Local and remotely exploitable vulnerabilities

Conditions leading to denial of service attacks

Backdoors and trojans

Default accounts

The presence of rootkits or network hacking tools

Firmware vulnerabilities for networked devices