Activities in a Rapid IT Security Assessment
- Vulnerability Scanning – Identify system vulnerabilities by scanning internal and external IP addresses. We deliver a detailed report listing identified vulnerabilities, our expert interpretations and recommendations.
- Penetration Testing – An active attempt to exploit system vulnerabilities and gain access to protected systems. We deliver a report listing identified exploitable vulnerabilities and recommended remediation.
- Architecture Review – Review the network architecture, compare it to best practices for security and deliver a gap analysis with recommendations.
- Active Directory Review – Review Group Policies and Default Accounts and report on gaps compared to best practices.
- Password Policy Review – Run a password scanner against Active Directory to exploit weak passwords and report on accounts with weak passwords.
- Social Engineering Testing – Attempt to discover confidential company information via an anonymous phone call, a common form of exploitation by infamous hackers. Our report details the information discovered and ways to prevent future attempts.
- eCommerce Compliance Review – For companies conducting eCommerce we assess PCI compliance and make recommendations where gaps are uncovered.
- Wireless Network Penetration Testing – Run a wireless penetration tool against corporate wireless access points in an attempt to crack wireless encryption and gain access to the internal network. We’ll recommend actions to remediate issues discovered.
- Risk Assessment – Identify critical systems and associated risks by interviewing team members, and detail recommended actions to ensure confidentiality, availability and integrity of the data, acceptable downtimes and recovery points.
- System Event Management – Review systems and practices for centrally collecting system events from firewalls, routers, switches and servers for escalation and analysis, and the process for taking action when security events are discovered.
