360
Information Security

Security Assessment

Introduction

Today, the job of building and maintaining IT systems is more complex than ever before. The imperative for business continuity, a mobile workforce, distributed applications, and new infrastructure concepts like grid computing all conspire to prevent you from securing your network. Meanwhile the consequences of any failure in security have increased several-fold. There are more stringent regulatory concerns, more critical transactional links to suppliers, organised crime and extortion, and personal privacy obligations. All this in an environment where litigation is rife.

Together, this increase in complexity and the greater penalties for failure mean that you need a higher level of assurance that your investments in security are delivering. Are they deployed in the right place? Are they configured according to best practice? Are they operating as the vendor stated?

By following best practices in security deployment, having a clear architecture, and making the most appropriate use of products and services you can greatly reduce your exposure to risk while being able to ‘do more with less’.

Our Security Assessment and Penetration Testing services will allow you to benchmark existing security measures, identify necessary remedial actions and gain the assurance that you need in order to get on with providing an effective IT service to the rest of your business. With consultants working in the field of security since 1995, we can offer you the assurance that customers, shareholders, auditors, and partners demand.

Approach

We understand that every business and industry is unique and that every project will require a tailored approach. Our success formula is based on listening to individual client needs, and from this, building an effective delivery framework from a vendor neutral position.

We believe success in business is built on relationships that are founded on trust, clear lines of communication and coordinated action, supported by technology. It is your business and we believe in providing the complementary skills, approach and tools to deliver against your objectives while ensuring you retain control over what is happening. As a result, we enjoy repeat business from satisfied clients who endorse our reputation as world-class professionals by getting us to do what we do best: deliver.

Depending on your requirements, we can conduct external or internal infrastructure assessments, on fixed or wireless networks across a mixed environment of systems and vendors. Subject to your approval we can carry out testing all the way from analysis to vulnerability exploitation.

Our first task is to ascertain precisely what you expect from the engagement, and to clarify these requirements before documenting them. The deliverable is a comprehensive report prepared by a highly qualified and experienced consultant (not an automated system).

Should you require assistance in implementing some or all of the recommendations in the report, we are able to provide consultants, along with project management for your own staff should you wish to carry out the work yourself under supervision.

People

Our consultants are experts, having worked previously in senior security roles for the world's largest and most successful ISP. With an estimated 70% of the Internet's traffic passing over their network, they deployed and managed thousands of systems securely for blue-chip Times Top 100 and Fortune 500 customers. We have advised a number of public bodies including the Financial Services Authority and the Criminal Intelligence Units of a major UK police force. Staff are highly referenceable via previous engagements with top 5 Investment Banks, Telcos, Security vendors and ISVs.

All our consultants have previously occupied positions of responsibility within organisations where the buck stopped with them for security management.

Research & Technology

In order to keep abreast of the latest developments in attack and defence technology, we carefully monitor security newsgroups, mailing lists, web sites, and chat rooms. In addition to this, we operate a number of Internet-connected systems in the UK and abroad, each of which records hacker scanning and infiltration attempts against OS and popular 3rd party applications. During the execution of our duties we routinely use a mixture of open source, commercial, and in-house developed tools.

Deliverable

Our reports are written to be understood and acted upon by our clients. They are approachable, pragmatic, and unambiguous. Each is broken into sections you would expect to find in any high-quality management report. This allows the CIO, the Network Manager, and Technician to immediately turn to the chapter they need to carry out their job effectively. Our consultants are available to explain the report's findings via conference call or in person.

Conclusion

Many organisations already make Security Assessments or Penetration Tests a regular part of their information security management program. By scheduling annual checks and making sure that new IT deployments have an assurance element, you can better control the risks inherent in running a modern IT environment.

Our security assessment will give you:

  • Expert opinion on your relative level of security versus other companies in your industry.
  • Prioritised vulnerabilities and suggestions for remedial action.
  • Assurance that your systems are configured according to best practice.
  • Guidance for future similar deployments.
  • Reduced exposure to risk for your business.