Internal System Vulnerabilities Assessment

The Internal Systems Vulnerability Assessment and Analysis (ISVAA) is designed to assess the security posture of your internal network and systems. Again, every device within your company's network is evaluated. SCA's seasoned professionals will examine the internal information systems for implementation of industry best practices and perform a technical review to exploit known vulnerabilities and configuration errors.

To assist you in securing the information systems, the results will be evaluated and false positives will be removed. This produces a useful report that can be used to resolve problems and identify the best solutions. SCA will never provide a report that has been auto-generated by a tool, as such reports are extremely long and contain a multitude of false positives. Our value is in providing useful information, customized to your institution's needs, that will help protect sensitive information immediately and effectively.

The ISVAA will initially be conducted with limited knowledge of the environment. The security engineers will not have knowledge of network designs/configurations and will not have logon credentials. The purpose of this is to simulate what would happen if an unauthorized individual were to gain access to your network. Network analyzers (aka Sniffers) will be used to observe and capture data as it traverses the network. Network scanners will be used to identify systems and isolate critical systems to be targeted. All systems will be examined for configuration errors and known exploits.

The next phase of testing will be conducted with knowledge of your information systems. This will allow SCA to perform a thorough audit to ensure your systems meet industry best practices and conform to current required regulations. We will work directly with your IT staff to identify and document daily procedures.

Below is a high-level overview of the tasks that SCA will perform and evaluate during the engagement.

  • Network diagrams and configuration files will be reviewed in this phase
  • Network discovery
  • Review of network and system design
  • Port scanning
  • Manual probing of available services
  • IDS/IPS evasion and alerting testing
  • User/group management review
  • Review of information systems physical access control
  • Review of server auditing and logging
  • Review anti-virus configuration
  • Password management review and audit
  • File system access review and management

At the conclusion of SCA's comprehensive testing, you will be provided with a comprehensive report that can be interpreted by both technical staff and non-technical executive management. The report will identify all severe-risk, high-risk, moderate-risk and low-risk findings and provide specific recommendations for eliminating or mitigating the identified risks. Once our recommendations are fully implemented, we are confident that your company and its reputation will not be easily breached or compromised.