Information Security Assessments

 

Security Assurance and Risk Assessments

 

Overview

Security Assurance (SecAssure) & Risk Assessment includes an analysis of the effectiveness of a company's or specific system's security controls.  Our service includes adaptive techniques to work with organizations to review the risk associated with a company's overall security design, implementations of sensitive e-commerce applications, and overall risk identification to ensure that proper security controls are utilized. 

Benefits

A SecAssure & Risk Assessment can help save your company time, money and the embarrassment of a bad audit by finding discrepancies before an audit occurs and before an attacker does.  In addition, by allowing Emagined Security to perform the assessment for you, you receive the most accurate and unbiased report of your strengths and weaknesses in the information security arena.

Emagined Security has developed this process to assess information security processes and controls in order to ensure that organizations preserve the integrity, confidentiality and availability of their information and computing resources.

Description of Service

SecAssure & Risk Assessments start by evaluating crucial components at the corporate and technical levels.  These reviews are broken into Security Foundation Assessments and Security Implementation & Configuration Reviews.

  • Security Foundation Assessment
    • Security Program Assessment
    • Security Technology Assessment
  • Security Implementation & Configuration Review
    • Configuration Reviews
    • Internal / External Vulnerability Scans

In order to perform the Security & Risk SecAssure Assessment, we will follow a methodology that will proceed through seven stages:  

Phase

Description

  1. Review Existing Security Policies, Processes, and Practices
  2. Interview Staff Members
  3. Assess Current Controls
  4. Identify Technical Vulnerabilities and Business Risks
  5. Determine Proposed Recommendations or Solutions
  6. Document Current Security Posture
  7. Prioritize  High-Level Roadmap

 Security Foundation Assessment

The Security Program Assessment provides an analysis of the effectiveness of a company's security controls based upon ISO 27001, 27002. This task will assess the current security posture, contrast it against industry standards and best practices, and make recommendations to attain your security goals.  Emagined Security recommends that you periodically assess your security environment to ensure that you are in compliance with each regulation that governs your industry. 

  • Review of current documentation, policies and practices
  • Interviews with key personnel
  • Comparisons against "best practice"
  • The SecAssure security categories that we examine include:
  • Security Policies, Standards & Guidelines
  • Security Organization & Infrastructure
  • Security Asset Classifications
  • Personnel Security & Training
  • Physical & Environmental Security
  • Network, Communications & Operations Management
  • Telecommunications Security
  • Systems Development & Maintenance
  • Security Administration & Access Control
  • Anti-Virus Protection
  • Incident Response Identification & Response
  • Business Continuity Planning
  • Legal Compliance
  • Privacy

The Security Technology Assessment performs a high-level security review of the external security boundary along with selected key areas and systems to determine potential vulnerabilities and risks.  The primary systems and areas of interest include:

  • Internet Connectivity
  • Remote Access
  • Business Partner Connections
  • Critical Internal Network Infrastructure
  • Application Security Infrastructure

For these areas, the topics on which we will typically focus are:

  • Identification And Authentication
  • Password Management
  • Resource Access Control
  • Data Security
  • Security Event Logging
  • Intrusion Detection And Reporting
  • Virus Protection
  • Operating System Patches
  • Emergency Response
  • Data Backup And Archiving
  • Contingency Planning
  • Operations Procedures
  • Vendor Access Control
  • Software Development Standards
  • Change Control

 Security Implementation & Configuration Review

The Configuration Reviews will perform key Technology Equipment reviews (e.g., firewalls, routers, servers) and make cost effective recommendations.  This review provides an internal perspective of technology to determine if configurations are adequate.

The Internal / External Vulnerability Scans performs a limited external vulnerability assessment against the COMPANY Internet architecture (i.e., firewalls, DNS servers, routers, hubs, load balancers, and supporting systems).  By attempting to gain access to the systems on the Demilitarized Zone (DMZ), Emagined Security will attempt to identify risks associated with the current security configuration.