Internal network-based vulnerabilities can allow an attacker to exploit, escalate and pivot within an internal network, compromising information confidentiality and threatening integrity and availability. This module will produce:
- Internal Risk Summary Report - An executive level overview highlighting critical internal information security risks.
- Full Network Vulnerability Assessment Report - A detailed report communicating all findings from an internal network vulnerability assessment. The Internal Risk Summary Report is the high level analysis of these findings.
- Asset Detail Report - A report identifying the network visible assets as discovered during the network vulnerability assessment.
By adhering to defensive administrative best-practice, the likelihood of compromise from unidentified vulnerabilities and complex threat attacks (multi-vulnerability chain) is significantly reduced. This module will produce:
- Security Risk Report. An executive level overview highlighting the current adherence to or deviance from known defensive administration best-practice.
- Security Policy Assessment. A detailed review of the security policies that are in place on both a domain wide & local machine basis.
- Shared Permissions Report. A comprehensive list of all network “shares” by machine, detailing which users & groups have access to which devices & files, & what level of access is permitted.
- User Permissions Report. A list of permissions by user, showing all shared computers & files to which individual employees have access to.
External network-based vulnerabilities can allow an attacker to remotely exploit, escalate and pivot into an internal network or public-facing infrastructure; compromising information confidentiality in depth and threatening integrity and availability. This module will produce:
- External Risk Summary Report. An executive level overview highlighting critical external information security risks.
- Visible External Service Vulnerability Report. A detailed report communicating all findings from an external network vulnerability assessment. The External Risk Summary Report is the high level analysis of these findings.
Knowing your IT security posture is a critical step in understanding your information security risk. Take the important ‘reasonable step’ required to protect confidential and business critical information.
Even with the best security software and infrastructure deployment methods, you still need to ensure that the same conscious effort has been applied to the physical access. We therefore also assess:
- Report of access & conditions. An executive level overview highlighting location, security & other hazards relating to the server room location & conditions of the room
- Images included: with permission we will include photographic evidence of the location and highlight the concerns or risks