Security Risk Assessment


Security Assessment

 Security Risk Assessment Services

Security Assessment services will help you understand your current capabilities and identify likely threats and the potential vulnerabilities in your security strategy, helping you to develop an organisation that is resilient to cyber threats.


Firewall Rule Review  

When a firewall is initially installed, it should be tested to ensure it is operating as required. Over time, if left unchecked, a firewall can often be weakened by temporary rule changes being left unresolved and by additional rule complexity creating unforeseen gaps. Reviewing firewall rules every 6 months ensures gaps are discovered and remedied. This is also a PCI requirement (1 and 6).


Network Assessment 
Methodical assessment of network security, including patch levels for mainstream and bespoke applications and backup software, which when compromised can provide unexpectedly high levels of access to a network.


Wireless Audits
Anyone can see a wireless network and therefore attempt to access it. Wireless network security assessments can be used to test authentication methods.

They also identify which wireless access points are on the network and ensure they are correctly configured with encryption and authentication.



Architecture Review 
An architecture review offers significant value in ensuring the client has up-to-date documentation and that the logical design is secure and robust.


Database Audit 
Databases hold critical and sensitive data. An audit goes beyond checking patch versions and running a network scan. The service provides a comprehensive audit of common databases (Oracle, SQL Server, etc.) to find configuration and schema weaknesses that might result in data loss or put data integrity at risk.


Server Forensic Audit 
A deep assessment of a single host. A consultant will extract data (registry, log data, etc.) central to the functioning and configuration of the server. The report produced identifies weaknesses and makes recommendations for improvements.


Information Security Assessment Services
  • Bespoke & Web-based Application Testing 
  • Web Application Architecture Reviews 
  • Application Code Reviews 
  • Testing of mobile devices 
  • Enterprise Application Security Testing 
  • Enterprise Database Security Audits 
  • SCADA Process Control Audits 
  • VoIP Assessments and Security Consultancy
  • Mail Server Deployments 
  • Infrastructure and Architecture Security Reviews 
  • Scenario-based Penetration Testing 
  • Automated Infrastructure & Application Perimeter Testing 
  • Phishing Test
  • Client Side Attacks 
  • Personal Information Security Protection 
  • Targeted Trojan / Malware Analysis


Scanning
  • CESG Check IT Health Check
  • Wireless 802.11x Assessments & Rogue Access


Application Build Review
  • Firewall Rule Base Audit
  • Client Security Testing (kiosks, workstations, laptops, mobile devices)
  • War-Dialling
  • Information Security Reviews
  • VPN / RAS Architecture Review

Social Engineering

Allows you to test the effectiveness of your security awareness training program, or lay the foundation for creating one.
  • Telephone Based Social Engineering
    Verbally steers the user into surrendering sensitive information like passwords, or into executing malicious software that gives attackers remote control of their workstation. Our experts work with you to identify appropriate scenarios to test your employees to prevent attackers from thwarting common phishing security controls.

  • Physical Social Engineering
  • Phishing Email and Click
    Deploys a simulated phishing email to a significant population of your employees to test whether they click on malicious links that they shouldn’t.


Brand Attack & Privacy Services
Review and test both corporate resistance to targeted attacks on users and your corporate public profile.


Computer Forensics and Incident Response
  • Forensics Analysis
  • Information Security Incident Management
  • Secure Data Recovery & File Password Cracking



Compliance, Risk and Audit
  • PCI ASV Testing
  • PCI QSA Audits and Consultancy
  • ISO27001 Implementation
  • GSX CoCo Testing

  • Risk Management
  • Business Impact Analysis
  • Third Party Risk Assessments
  • Business Continuity Management
  • Best Practice Advice


Automated Vulnerability Assessment

Benefit from ongoing automated vulnerability assessments:

Vulnerability scanning provides you with the assurance that your infrastructure is being scanned at regular intervals. All results are then verified to ensure that you are only alerted where a potential issue exists; false positive findings are removed by the dedicated Managed Services team. Scans can take place monthly, quarterly or on an ad hoc basis with all parameters agreed in advance.

  • External & Internal Network Scanning
  • PCI ASV Compliant
  • Ad-hoc or Pre-Programmed Regular Scans
  • Highly Granular Scanning Runs



Security Awareness Workshops
  • Secure Coding Workshop
  • Social Engineering Workshop
  • PCI DSS Workshops
  • Information Security Workshops


Physical Security
  • Building Access Security Audits
  • Facilities Management System Reviews
  • CCTV Control Reviews