Have You Assessed Your Security Posture Lately?
The first step to any successful compliance effort is to review your current security environment and identify any holes or vulnerabilities. The Security Readiness Assessment is a short-term engagement designed to help identify the challenges associated with implementing a successful security solution. Our primary goal is to provide you with the information you need to align your business strategy with your information technology investment.
During the Assessment phase, TBG Consultants will work closely with your organization to perform several key assessment activities. At a high level, these activities are:
- Perform a detailed Gap Analysis
- Conduct internal and external vulnerability scanning
- Conduct penetration testing against your network, systems and applications
- Produce a qualitative risk report
- Produce penetration test report(s)
The gap analysis activities will consist of reviewing all operational, administrative, and physical security controls throughout the enterprise. We will review existing policies and procedures against industry-recognized standards and identify any gaps that may exist. During our review, we will speak with key stakeholders from various departments within your organization. We will have in-depth architectural discussions with IT, with emphasis on procedural, logical and network security controls.
Internal and external vulnerability scanning is an essential part of any risk management assessment. We employ a commercial-grade vulnerability scanner which checks for over 40,000 unique vulnerabilities. Internal scan results are essential for gaining a truly comprehensive view of your risk posture.
At TBG, we find it very effective to combine risk assessment, vulnerability scanning and penetration testing in a single engagement. Each of these activities plays a part in building a risk profile of the organization. When we conduct penetration testing, we leverage the information gleaned from the vulnerability scanning exercise and attempt to perform actual attacks against the systems within our target of evaluation. We are assessing how likely an identified vulnerability, or a collection of vulnerabilities, is to lead to an actual loss of confidentiality or integrity of critical assets. We will leverage both automated tools and manual hacking techniques to subvert intended controls and exploit identified vulnerabilities. However, we never actually steal or alter any data assets; instead, we simply provide proof of concept to help in the construction of a prioritized, risk-based list of issues within the environment which require remediation.
Once we have performed the 3 main assessment activities explained above, we will produce a risk report containing detailed findings and recommendations. This report is one of the necessary pieces of evidence required by most of the standards, the absence of which would result in the failure of an audit. We will also produce separate vulnerability and penetration.
For more information about our Security Readiness Assessment, contact our Consulting Practice Manager or call us directly at 877.233.6651.