A vulnerability assessment identifies known vulnerabilities within a company’s infrastructure, including the entry points for potential attacks. With the resulting list of recommendations, the company can mitigate those vulnerabilities to reduce its exposure to the security risks and associated threats.
The assessment combines automated scanning tools, run as either a credentialed or a non-credentialed scan, with manual testing techniques that verify the issues identified by the scanner and eliminate false positives.
Vulnerability assessments are done for both internal and external-facing infrastructure, providing the company with a dual independent assessment of the Internet-facing assets as well as the internal infrastructure.
External and Internal Network
Hardening reviews provide an additional level of security beyond a vulnerability scan, as they allow the relevant systems and devices to be hardened in accordance with an international standard and vendor security guidelines. Such reviews tend to uncover additional weaknesses in the technical configuration of the servers and devices.
Information Security Policy creation and review
An Information Security Policy review provides an extensive review of your current policy against the international standard code of practice for information security controls as well as local government-mandated regulations. Such a review would cover over 14 domains which include,
In addition, we would be able to perform a compliance review of your systems and services against your updated policy. This allows a gap analysis to be conducted to evaluate the adequacy and effectiveness of technical controls and supporting processes and to assess the level of compliance.