Comprehensive Security Assessment | The Comprehensive Security Assessment provides your organization with a complete evaluation of its overall information security posture and a roadmap of recommendations to mitigate any issues discovered. This engagement focuses on technical vulnerabilities existing in the environment, how the infrastructure has been designed and implemented, and seeks to identify vulnerabilities which exist due to insecure architectural decisions and related configurations.
The assessment is conducted in five parts, beginning with an Architecture Assessment which investigates the design and configuration of the network’s various components. Analysis is performed to determine their overall positive or negative impact on corporate security posture. This is followed by an investigative process to identify and review any technical vulnerabilities that are found on the network. Focusing on both an external (Internet) and internal perspectives, ATI will review the DMZ, data center and a sampling of workstations to identify and report current weaknesses and attack avenues. The remaining three parts of the engagement focus on specific security control reviews: The Technical Controls Review focuses on systems including firewalls, intrusion detection/prevention systems, anti-malware, mobile device management systems and endpoint protection solutions. This review provides a detailed look at the quality of the implementation of that control through eight areas: Appropriateness, Completeness, Configuration, Current Patch Set, Current Version, Local Security, Solution Maturity and Support Contract. These eight items are reviewed and scored allowing for a rollup scoring of the complete set of technical controls. The Operational Controls Review focuses on critical procedural and administrative controls. These include Disaster Recovery/Business Continuity Plans, Change Management Procedures, Internal Audit Processes, and other policies and supporting procedures. The Physical Controls Review focuses on policies and procedures relating to access controls, asset storage, data center security, alarms and monitoring.
Other advisory offerings