Network Security Assessment

Our security assessments are designed specifically to meet regulatory requirements and address the needs of any size organization. To determine the adequacy of your existing security controls and to identify security deficiencies, our seasoned security experts will conduct a thorough examination of your IT infrastructure. The assessment includes manual false positive reduction services and vulnerability analysis to determine severity, and a best-practice review.

The assessment process is managed through the company’s cloud-based software solution, Risk Cognizance, allowing you convenient access to a variety of tools that can be used to continuously assess the three core components of your information security program – people, processes, and technology.

A security assessment that is conducted remotely includes:

  • Internal and external port scan

  • Internal and external network vulnerability scan

  • Asset classification assistance

  • Risk Cognizance setup, implementation and access to vulnerability management, ticketing and reporting capabilities

  • Network vulnerability review (false positive reduction of scan data through a manual third-party review)

A Comprehensive Security Assessment (CSA) includes these additional services:

  • Risk Cognizance setup, implementation and access to vulnerability management, compliance, policy, training, ticketing and reporting capabilities

  • Policy reviews

  • Policy awareness reviews

  • In-depth regulatory and/or best practice review

  • Regulation call to assist with self-assessment

  • Network topology review

  • Internal network vulnerability review

    • False positive reduction of scan data through manual third-party review

    • Validation of false positive review through manual third-party analysis

    • Advanced manual vulnerability analysis to determine vulnerability severity

When conducted onsite, the CSA also includes:

  • Wireless access point identification, including rogue

  • Physical security review

  • Dumpster diving at main facility

  • Offsite consultation and remediation strategy

CSA results are provided in an extensive report containing:

  • Project overview

  • Comprehensive security assessment methodology

  • Executive summary

  • Prioritized internal and external network risks and recommendations

  • Regulatory compliance analysis

  • Information security policy analysis

  • Executive level PowerPoint of assessment

  • Differential reporting

  • Appendix

On-going CSA services, via Risk Cognizance, include:

  • On-demand generation of comprehensive reports

  • Unlimited client-executed scans with third-party remote false positive validation

  • Regulatory compliance and security assessment evaluation metrics through self-assessment

  • Automated policy development software and policy management

  • Automated training development software and training management, including access to security awareness training content