Vulnerability Assessments assess the security posture of your external and internal network and systems. All external IPs and active internal devices on the network are evaluated. Much more than just a vulnerability scan, our analysts will examine your information systems for implementation of industry best practices and perform a technical review to identify and report known vulnerabilities and configuration errors. We use manual, hands-on techniques to validate vulnerabilities and remove false positives. Our internal vulnerability assessment includes reviews of servers, boundary firewalls, virtual infrastructure and wireless networks to help safeguard your systems and critical data.
Penetration Testing subjects systems to real-world attacks in an attempt to gain system access or obtain sensitive information. Penetration testing involves two main components, an External and/or Internal Vulnerability Assessment to identify systems, vulnerabilities and configuration issues, and an Attack Phase where attempts are made to exploit found vulnerabilities. Various techniques are used including, but not limited to, manual techniques and automated tools, to exploit found vulnerabilities and to determine the risk of those vulnerabilities.
Vulnerability Scans are an excellent complement to a full vulnerability assessment or penetration test to validate remediation efforts and uncover new vulnerabilities or configuration issues. Both external and internal scanning are offered. Internal scanning is performed through a virtual or physical machine installed on your network and is credentialed or non-credentialed per your preference. Critical vulnerabilities are immediately brought to your attention so that quick corrective action can be taken.
Social engineering is a process to evaluate what many consider the weakest link in your information security posture; the human element. Social engineering leverages the human nature of curiosity and good will to lure someone into divulging sensitive information such as network credentials or to take actions that may allow network access. Email phishing, USB device drop and vishing (phone calls) are methods used to evaluate awareness and response by employees and the IT team.
A Physical Security Review is an evaluation of the measures taken to provide for the physical security of your organization’s information systems as well as client information and vital records maintained on other media. We review and assess eleven key issues within three broad areas critical to effective data facility security; Vital Records and Information Security, Administration, and External Conditions.
Contact Us Today For Free Consultation
Reach out to us to schedule a consultation and learn more about our information security risk assessment services. We will evaluate your organization’s vulnerability, risk level, and the steps necessary to prevent breaches. You can contact Security Compliance Associates at (727) 571-1141.