Security Assessment Service
Why have a Security Assessment?
Ensuring the security of your information systems and data is a constantly challenging and changing process, driven by new technologies, new threats and regulatory requirements.
Engaging an independent third party provides you with invaluable information on how to stay abreast of current relevant security developments and industry best practices, and to identify areas of improvement within your information security infrastructure. An independent security assessment also sends a clear message to customers, senior managers and key stakeholders that information security is a high-priority issue within your organisation and one that is being managed accordingly.
Our Assessment Methodology
Our unique methodology enables us to assess your information security at many different levels, such as managerial, process, policy and technical. Our methodology is based on the ISO 27001 Information Security Standard combined with industry best practices and standards published by organisations such as the SANS Institute, the US National Institute of Standards and Technology, the US CERT Coordination Centre and the Centre for Internet Security.
Our assessment also includes a full vulnerability scan of ten IP addresses for known security issues and weak configurations, with 99.995% accuracy, using the most up-to-date and comprehensive database of known vulnerabilities.
Our Approach
We believe a proper security assessment requires a good understanding of your business and the important business drivers for you and your company. To this end we take the following approach:
- Our experienced consultants conduct a comprehensive interview to identify the strengths and weaknesses of your security infrastructure.
- A vulnerability scan of your designated ten IP addresses is conducted and the data collated.
- The information gathered during the interview and the results of the scan are correlated and examined.
- Our findings are presented to you with issues prioritised according to the potential impact they may have on your business.
- Where appropriate, a list of recommendations will be provided on how to mitigate any issues or gaps identified during the assessment.
Our Deliverables
At the end of each assessment our consultant will sit down with you and provide you with the deliverables listed below in both hard copy and soft copy format. We will discuss each of the key areas within the report to ensure the impact of our findings is fully understood and, where necessary, provide details on how best to address any issues identified.
Our deliverables to you at the end of this process will be:
- Detailed reports on any vulnerabilities discovered with the appropriate remedial actions and links to the relevant patches.
- A detailed report on how your security infrastructure relates to the ten key sections of the BS 7799 Information Security Standard, which are:
  - Security policy
  - Organization of information security
  - Asset management
  - Human resources security
  - Physical and environmental security
  - Communications and operations management
  - Access control
  - Information systems acquisition, development & maintenance
  - Information security incident management
  - Business continuity management
  - Compliance
- A list of recommendations on how to mitigate any issues identified during the review.
- Peace of mind and assurance that your information security is in line with recognised industry standards.
For more information on our security assessment service please contact us and one of our consultants will respond to your query. Alternatively you may download our brochure.