The goal of the Risk Assessment is to provide the client with a comprehensive overview of potential security issues related to their computer network and establish steps to remedy identified issues.
MicroMenders offers a number of Risk Assessment solutions that, when taken together, comprise a comprehensive set of tools to examine and evaluate an organization’s IT security practices, policies and procedures. Each of the services we offer examines a different aspect of IT risk within your organization, including Perimeter Security, Enterprise Security Assessments, Policy and Procedure Assessments, and Penetration Testing and Vulnerability Assessment.
A client may choose to leverage our expertise in any or all of these focus areas in order to create a Risk Assessment that is most relevant to their business needs:
- Perimeter Security Assessment (PSA): An assessment at this service level includes internet-facing and externally accessible portions of the network. The assessment focuses on the vulnerabilities most often exploited by unknown intruders on the internet due to improper design, improper configuration, poor administration or vulnerable code.
The assessment includes devices used for external network traffic such as routers and firewalls, as well as internet-facing services and systems such as DNS and web servers. A PSA includes a thorough review of perimeter design, configuration and supporting documentation, as well as measuring the effectiveness of the implementation. Using automated software tools and manual techniques, a professional Security Engineer measures network vulnerability from outside the network.
- Enterprise Security Assessment (ESA): An assessment at this service level covers internal portions of the network, remote access and extranets. The focus is on vulnerabilities that are exploited once an intruder is inside the LAN, and emphasis is placed on the “defense in depth” philosophy.
An ESA includes a thorough review of internally implemented security practices and documentation, then measures the effectiveness of the implementation. The assessment includes internal devices, servers, clients and services, including routers, switches and servers, as well as the software used to secure those devices, including OS hardening and traffic monitoring. Using a mix of automated software, manual testing, and hands-on practices, a Security Engineer evaluates the network for adherence to the practices which provide confidentiality, integrity and availability.
- Policy & Procedure Assessment (PPA): This is an assessment of how corporate policies and procedures measure up against the best practices and industry standards in the area of Information Security Management. A Security Consultant works with a variety of staff members at various levels of the client’s organization to assess the controls in place to meet the information security objectives of the corporation. This assessment may be of particular interest to customers focused on regulatory compliance and policy documentation.
- Penetration Testing and Vulnerability Assessments (PTVA): We will provide a range of services to comprehensively analyze the current state of your network security. We test your security controls by attempting to break in and compromise them. By ‘stress-testing’ your current or modified controls, you can concretely establish areas of weakness and address them accordingly. PTVA can also be used to validate remediation recommendations identified in assessments.