Risk Assessment
  • Vulnerability Assessment – Technology is frequently mis-configured or mismanaged, which in turn introduces points of weakness into the organization. Every device connected to the network has the potential to allow an attacker in. Vulnerability assessments can be used against many different types of systems such as networked based, host based, or application based. Vulnerability Assessments are necessary to identify vulnerabilities, but also are necessary to show changes in the environment over time as the organization grows and changes.  READ MORE
  • Website Security – Security risks have moved beyond the network and operating systems. Website Security Assessment problems are more significant in the application and access to data through applications. Many companies only test for functional requirements in application testing.  READ MORE
  • Business Continuity Planning – Many compliance objectives mandate BCP programs in order to ensure the availability of data and services in the event of a business interruption. In recent years there have been notable natural disasters that have helped raise awareness for the need of BCP planning at organizations. IT departments lack the expertise and staff to start or maintain existing BCP programs, leaving companies at risk of data loss and or the ability to conduct business as required by agreement. READ MORE
  • GAP Analysis – A Gap analysis can be a standalone project or in most cases combined with a Road map Strategy Development project.  The process identifies the gaps between current practices and best practices. Many organizations have never quantified and identified the weakness in their security processes and where they their security posture should be according to best practices. This is a critical step in reducing future threats to the organization. If a Gap analysis has been done, typically it is only focused on security tools, not the business processes used or the business function required. A complete Gap analysis has to focus on people, process, and technology. READ MORE
  • Temporary CSO – Many organizations have the overall IT organization handling the IT Security function without any dedicated security guidance.  Your company may not need a full time Chief Security Officer or may not have the budget for it currently as a Chief Security Officer can be very expensive to have in-house. Even a dedicated CSO often has other responsibilities thrust upon them, diluting their security role. With an external CSO, you can have dedicated guidance at a fraction of the cost. READ MORE
  • Security Architecture Analysis – Many organizations have ad-hoc security measures in place or have implemented security procedures and technology as needed without a system wide review of what is necessary. Unplanned security architecture can leave holes in the environment that are not readily apparent or security spending can be on the wrong technologies without an understanding of where the risk truly lies in the architecture. A robust security architecture strategy is an end-to-end analysis of potential risk based on business requirements. All applications running and their risk levels have to be integrated with network security requirements and these have to meet practical policy and procedural processes. READ MORE
  • Wireless Architecture – Wireless security has become both an internal and external problem. Companies are implementing wireless infrastructures internally and many times do not properly secure the design. Employees can setup wireless access to the internal corporate infrastructure to bypass security controls or access the network from insecure wireless networks on the road or at home. This poses an entry point into the network that can be hard to control, monitor and audit. READ MORE
  • Application Security – Security risks have moved beyond the network and operating systems and are more significant in the application and access to data through applications. Finding and fixing security problems early in the development cycle is more efficient and cost effective than testing after the application goes into production. Security vulnerabilities can be identified early in the development phase through a structured approach.  READ MORE
For more information please contact us.