
Security Assessments

Developing and implementing a security plan is essential to safeguard your company's data and minimize the risk of unintended privacy disclosure. Security has many aspects, and a good place to start is to hire a services company to perform an audit that assesses your current risk exposure. United Force can help you create a security policy, and our report focuses on the following areas.

Security Controls

http://en.wikipedia.org/wiki/ISO/IEC_27001

Physical controls e.g. fences, doors, locks and fire extinguishers;

Procedural controls e.g. incident response processes, management oversight, security awareness and training;

Technical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls;

Legal and regulatory or compliance controls e.g. privacy laws, policies and clauses.

A similar categorization distinguishes controls involving people, technology and operations/processes.

Information security controls protect the confidentiality, integrity and/or availability of information (the so-called CIA Triad). Again, some would add further categories such as non-repudiation and accountability, depending on how narrowly or broadly the CIA Triad is defined.

Risk-aware organizations may choose proactively to specify, design, implement, operate and maintain their security controls, usually by assessing the risks and implementing a comprehensive security management framework such as ISO/IEC 27002, the Information Security Forum's Standard of Good Practice for Information Security and NIST SP 800-53 (more below). Organizations may also opt to demonstrate the adequacy of their information security controls by being independently assessed against certification standards such as ISO/IEC 27001.

Risk Management Framework

  • Assessment methodology phases

  • Technical assessment techniques

Why do assessment?

  • Help confirm that systems are properly secured

  • Identify any organization security requirements that are not met, and other security weaknesses that should be addressed

  • Meet requirements to periodically assess systems

  • Specifics to concentrate on.

Examination techniques, generally conducted manually

  • Evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities

  • Techniques include:

      • Documentation review

      • Log review

      • Ruleset and system configuration review

      • Network sniffing

      • File integrity checking

Testing techniques, generally performed using automated tools

  • Identify systems, ports, services, and potential vulnerabilities

  • Techniques include:

      • Network discovery

      • Network port and service identification

      • Vulnerability scanning

      • Wireless scanning

      • Application security examination
