IT Security Assessments

Independent vulnerability assessments of your Web sites or applications are a great way to uncover some of the greatest risks to your business. Whether it’s an in-depth look at all of your Web-based server systems, a penetration test of a specific Web application this assessment is beneficial for product marketing, regulatory and business partner contract compliance, and general improvement of the end product. Or, if your organization falls under the PCI Data Security Standard requirements, we can help you with your security assessments. Using well-known and widely-accepted commercial tools as well as in-depth manual analysis we will look at your Web site/application from an untrusted outsider, trusted insider, or both. We’ll provide you with a detailed report* on exactly what you need to focus your efforts on to reduce your risks. We can also perform a remediation validation assessment and deliver a summary report outlining which of the initial assessment findings have been resolved for you to share with your customers or business partners. Consider this type of testing if you’re an organization with a Web presence, software vendor or development firm looking to enhance your application or product positioning from an information security or compliance perspective, responsible for the security of in-house applications, or you’re looking to evaluate third-party software before making an investment.

Network vulnerability assessments are great for discovering technical weaknesses that exist in your computers, wireless systems, and overall network. Sometimes referred to as penetration tests and vulnerability assessments, We can tailor this type of testing based on exactly what you need. Using well-known and widely-accepted commercial tools as well as in-depth manual analysis We will look at your external and/or internal systems from the perspective of an untrusted outsider, trusted insider, or both. We’ll provide you with a detailed report* on exactly what you need to focus your efforts on to reduce your risks. Consider this type of testing if you wish to determine where your systems are currently vulnerable or wish to have periodic assessments (i.e. quarterly, bi-annually, etc.) to ensure no new vulnerabilities have cropped up and to help your organization meet the various regulatory requirements for ongoing security evaluations.

An information risk assessment will help you determine where your business stands with regard to overall information risk and perhaps, prepare for that formal audit from a regulatory body, business partner, or other third-party. We will assess your organization’s current information security and IT practices and identify gaps and business risks. Consider this type of assessment if you’re wanting to find the operational security issues in your business in order to take your information security program to the next level or your organization is about to be audited and you need to get things cleaned up beforehand to help make things go more smoothly.

If your business has been hacked or you suspect some form of security breach (internal or external) has occured, We can help you find the operational and technical security weaknesses that may have been exploited and consult with you on how you can improve your technical controls and/or IT operations to prevent future breaches from occuring. We don’t do formal forensics analyses but, just as importantly, We can validate that what you’re doing – or have done – to resolve the issues that led up to the breach is proper and reasonable in the context of information security.