Overview

Security Assessment Assurance (SecAssure) & Risk Assessment involves an analysis of the effectiveness of a company’s security controls, or a specific system’s security controls. Our physical security testing service includes adaptive techniques to work with organizations to review the risk associated with a company’s overall security design, implementations of sensitive e-commerce applications, and overall risk assessment to ensure that proper cyber security programs and controls are utilized.

Benefits

A Security Assurance & Risk Assessment can help save your company time, money, and the embarrassment of a bad audit by finding cyber security program discrepancies before an audit occurs—or before a hacker finds them. Know what your information security risks are to save your organization in the future. In addition, by allowing Emagined Security to perform the physical security testing assessment for you, you receive the most accurate and unbiased report of your strengths and weaknesses in the cyber security arena.

Emagined Security has developed this process to assess information security processes and controls in order to ensure that organizations preserve the integrity, confidentiality, and availability of their information and computing resources.

Description of Service

Security Assessment Assurance & Risk Assessments start by evaluating crucial components at the corporate and technical levels. These reviews are broken into Security Foundation Assessments and Security Implementation & Configuration Reviews.

  • Security Foundation Assessment
    • Security Program Assessment
    • Security Technology Assessment
  • Security Implementation & Configuration Review
    • Configuration Reviews
    • Internal / External Vulnerability Scans

In order to perform the Security & Risk SecAssure Assessment, we will follow a methodology that will proceed through seven stages:

  1. Review existing security policies, processes, and practices
  2. Interview staff members
  3. Assess current controls
  4. Identify technical vulnerabilities and business risks
  5. Determine proposed recommendations or solutions
  6. Document current security posture
  7. Prioritize high-level roadmap

Security Foundation Assessment

The Security Program Assessment provides an analysis of the effectiveness of a company’s security controls based upon ISO 27001, 27002. This task will assess the current security posture, contrast it against industry standards and best practices, and make recommendations to attain your cyber security program goals. Emagined Security recommends that you periodically assess your security environment to ensure that you are in compliance with each regulation that governs your industry.

  • Review of current documentation, policies and practices
  • Interviews with key personnel
  • Comparisons against “best practice”

The SecAssure security categories that we examine include:

  • Security policies, standards & guidelines
  • Security organization & infrastructure
  • Security asset classifications
  • Personnel security & training
  • Physical & environmental security
  • Network, communications & operations management
  • Telecommunications security
  • Systems development & maintenance
  • Security administration & access control
  • Anti-virus protection
  • Incident identification & response
  • Business continuity planning
  • Legal compliance
  • Privacy

The Security Technology Assessment performs a high-level security review of the external security boundary along with selected key areas and systems to determine potential vulnerabilities and risks. The primary systems and areas of interest include:

  • Internet connectivity
  • Remote access
  • Business partner connections
  • Critical internal network infrastructure
  • Application security infrastructure

For these areas, the topics on which we will typically focus are:

  • Identification and authentication
  • Password management
  • Resource access control
  • Data security
  • Security event logging
  • Intrusion detection and reporting
  • Virus protection
  • Operating system patches
  • Emergency response
  • Data backup and archiving
  • Contingency planning
  • Operations procedures
  • Vendor access control
  • Software development standards
  • Change control

Security Implementation & Configuration Review

The configuration reviews examine key technology equipment (e.g., firewalls, routers, servers) and make cost-effective recommendations. This review provides an internal perspective of technology to determine if configurations are adequate.

The internal / external vulnerability scans perform a limited external vulnerability assessment against the company's Internet architecture (i.e., firewalls, DNS servers, routers, hubs, load balancers, and supporting systems). By attempting to gain access to the systems on the Demilitarized Zone (DMZ), Emagined Security will attempt to identify risks associated with the current cyber security program configuration.