Security Assessment describes the process by which we can examine aspects of your network design, implementation, policies, and administration and provide you with insight as to:
- Risks associated with your network, both in design and implementation
- Where effort might best be spent in remediation of those risks
- What practices increase your risk of attack and possible penetration
- Issues in your network design that may surface as risks in the future
Risk Analysis must take many factors into account in order to be credible and useful. Our methodology has evolved over many clients and many different assessment projects, and is designed to capture as much information as you are willing to provide. Many security services offer a "penetration test", in which they run simple tools against the edges of your network and provide you with a complicated and difficult-to-understand technical report. Our methods are more comprehensive. We examine the network, the business goals and practices which drive the use of that network, the configurations of the systems within, and the personnel and administrative organizations which maintain them. We compare this data with industry best practices and your intentions, goals and business considerations to create a model which describes the specific risks to your enterprise. Our report is organized to provide management with a complete understanding of the essential issues, as well as a technical appendix that can be used by IT staff to direct any needed changes to the network.
You need confidence in an assessment of this nature, and so we work at every step to make certain that you can rely on us and our discretion and honesty. Our policy is that we do not contract for remediation work based on our own assessment reports, so you know that we are providing you with a full and honest analysis unbiased by any desire for additional work. We do not perform "Red Team"-style attacks, in which we gain the trust of your IT staff and then abuse that trust in order to penetrate the network. Instead, we work closely with core members of your IT staff from the beginning, and develop a relationship with them. Our goal is to help them help you to have the best and safest network possible. This non-adversarial relationship enables your IT staff to work with us to find problems, not to hide them to protect their jobs or reputations. That means better information, which means better end results.