PENETRATION TESTING
External testing to attempt to compromise critical IT systems
Simulate the motives and techniques of an attacker
Conduct internal testing to evaluate the risk from staff and partners
Attempt to escalate privileges from a standard user account
Conduct testing of service providers to validate their protection systems
VULNERABILITY ANALYSIS
Compare IT systems against current vulnerabilities
Check patch and software versions of all systems
Grade non-compliant systems against severity of the vulnerability
Implement a system of remediation and automated patching to improve compliance
Investigate whether a lack of security patches has led to a successful breach
FIREWALL ASSESSMENT
Security review of single or clustered firewall systems
Evaluate firewall rulebase for potential methods of attack
Review change approval process for new firewall rules
Document firewall management procedures, backup, patching, failover, etc.
Evaluation of staff charged with management of the firewall systems
ARCHITECTURE REVIEW
Review documentation of infrastructure
Validate that the implemented solution matches the documentation
Evaluate the design and security controls for potential attacker entry points
Do high availability failover solutions exceed the maximum permissible downtime for the service?
Do the security systems provide adequate protection for the value of the assets being secured?