Security Assessments

April 7, 2017

Developing and implementing a security plan is essential to safeguard your company's data and minimize the risk of unintended privacy disclosure. There are many aspects to security, and a good place to start is to hire a services company to perform an audit that assesses your current risk exposures. United Force can help you create a security policy, and our report focuses on the following areas.


Security Controls


Physical controls e.g. fences, doors, locks and fire extinguishers;


Procedural controls e.g. incident response processes, management oversight, security awareness and training;


Technical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls;


Legal and regulatory or compliance controls e.g. privacy laws, policies and clauses.

A similar categorization distinguishes controls involving people, technology and operations/processes.


Information security controls protect the confidentiality, integrity and/or availability of information (the so-called CIA Triad). Again, some would add further categories such as non-repudiation and accountability, depending on how narrowly or broadly the CIA Triad is defined.


Risk-aware organizations may choose proactively to specify, design, implement, operate and maintain their security controls, usually by assessing the risks and implementing a comprehensive security management framework such as ISO/IEC 27002, the Information Security Forum's Standard of Good Practice for Information Security and NIST SP 800-53 (more below). Organizations may also opt to demonstrate the adequacy of their information security controls by being independently assessed against certification standards such as ISO/IEC 27001.


Risk Management Framework


  •  Assessment methodology phases

  •  Technical assessment techniques


Why do assessment?


  •  Help confirm that systems are properly secured

  •  Identify any organization security requirements that are not met, and other security weaknesses that should be addressed

  •  Meet requirements to periodically assess systems

  • Specifics to concentrate on.


Examination techniques, generally conducted manually


  •  Evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities

  •  Techniques include:

      •  Documentation review

      •  Log review

      •  Ruleset and system configuration review

      •  Network sniffing

      •  File integrity checking


Testing techniques, generally performed using automated tools


  •  Identify systems, ports, services, and potential vulnerabilities

  •  Techniques include:

      •  Network discovery

      •  Network port and service identification

      •  Vulnerability scanning

      •  Wireless scanning

      •  Application security examination


© 2017 by United Force LLC