IT Security Assessments
Organizations are, in general, becoming increasingly dependent on information technology infrastructures, to the point where day-to-day operations would come to a screeching halt without these systems. This appears to be particularly true for corporations, where the ability to communicate and access information is critical. Therefore, it is critical to secure information to ensure its Confidentiality, Integrity, and Availability. Today, there are many solutions that address specific security risks; however, without a well-designed security policy, security organization, and appropriate training, no organization can be secure against increasingly sophisticated adversaries.
There are no silver bullets when it comes to IT Security—only the best practices. New attack vectors are constantly developing and becoming more sophisticated each day. The Internet has enabled criminals to launch attacks against organizations to steal critical data from thousands of miles away with practically no risk of prosecution. There are organized criminals who work meticulously to steal your critical data for purposes of either blackmail or sale of the obtained data on the black market.
- Basic Assessment
- Mid-Level Assessment
- Comprehensive Assessment
IT Security Assessments Services
Our methodology for IT Security Assessments combines industry best practices with the experience the assessment team possesses in conducting numerous IT Security-related investigations and the lessons we learned from those events. In addition, having managed and secured large-scale IT infrastructures themselves, members of our assessment team understand the difficulties and challenges faced by the IT staff and can tell the difference between what is on paper and what is in reality. As a result, our recommendations reflect this philosophy of practical solutions. Because our objective is to get a true assessment of the cybersecurity posture of an organization, as opposed to satisfying certain regulatory requirements, we go beyond what was put on paper and look into real-life practices with a healthy dose of common sense.
Cyber Diligence, Inc. offers three levels of IT Security Assessments:
Basic Assessment
- Complete a basic assessment of the organization’s IT Security Posture
- Perform a basic risk assessment
- Check to see if proper Policies and Procedures are in place, such as Disaster Recovery & Business Continuity, Acceptable Use, etc.
- Interview members of the IT Staff
- Examine Network Diagrams to ensure the network is configured properly
- Generally, one day per physical location on site
Mid-Level Assessment
- Complete a detailed assessment of the organization’s IT Security Posture
- Examine Network Diagrams to ensure the network is configured properly and proper safeguards are in place
- Detailed examination of all Policies and Procedures
- Understand the Business Process of the organization
- Identify and interview the Business Process owners to understand the technologies that drive those processes
- Identify “Crown Jewels” of the organization and perform a risk assessment in terms of internal and external threats against the Confidentiality, Integrity, and Availability of those resources
- Perform vulnerability scans on a select number of servers
- Examine select workstations for abnormal activity
- Identify all exploitable weaknesses and single points of failure
Comprehensive Assessment
- In addition to all steps taken during a Mid-Level Assessment
- Collect all Internet traffic for two days (each physical location) and perform risk analysis based upon usage patterns
- Scan all servers and select workstations for malware such as trojans, keyloggers, rootkits, hacker tools, etc.
- Perform physical security survey of all data centers
- Work with in-house IT staff to remediate the weaknesses found
- Perform penetration testing after all recommended measures are implemented
The above is a general description of the three levels of assessments we provide. Oftentimes, it is possible to create a custom level of assessment based upon the organization’s needs and expectations.