Security Policy Audits & Assessments

Minimize Your Risks with Security Audits & Assessments

Recent advances in information technology have helped to push businesses forward, creating unique, new opportunities for companies to grow and thrive. Unfortunately, the modern age has also created enormous new risks for businesses to manage. According to the Identity Theft Resource Center, in 2017, there were 1,339 confirmed data breaches exposing more than 174 million records in the United States.

While no level of network security will ever be 100% effective against all intrusion attempts, businesses can minimize their risk of a data breach or other security event by taking certain precautions, beginning with a security audit/assessment.

Why Run a Security Assessment?

Security audits and assessments are a basic part of maintaining strong security hygiene—helping to identify potential weaknesses in your company’s security posture or architecture so you can fix them.

What’s Involved in a Security Audit and Assessment?

A security audit is an in-depth process involving numerous steps that are designed to assess both internal security vulnerabilities and external security vulnerabilities. Some key components of the audit include:

Security Policy Review

This review examines an organization’s existing information security policies and procedures to ensure that they can effectively protect technical and information assets. Policies are reviewed against best practice guidelines intended to mitigate legal, financial, regulatory, technical, and organizational risks. Furthermore, Compuquip verifies whether or not these policies sufficiently address risks and technical issues specific to the organization’s business model.

Security Architecture Review

In this process, various elements of the client’s internal and external security architecture are put through a risk assessment. Compuquip will interview the appropriate staff in the client company to gather data on the current security architecture and the existing security controls that are in place. This examination seeks to identify whether the organization has established an acceptable level of risk and to determine whether the appropriate security products have been acquired and implemented from a network security and system perspective.

Compuquip’s security professionals will also review the current technologies in place to find out how they are installed and how they are being utilized in order to validate that the client is getting maximum value out of their existing security investment.

Firewall Review

One of the most basic cybersecurity technologies that Compuquip assesses in the Security Audit is the firewall. Here, Compuquip’s experts assess whether or not the firewall configuration and rule set meet the business and compliance requirements of the organization. Key components of this review include:

  • A detailed review of firewall(s) used by the organization.
  • Assessments of firewall topology, rule-base analyses, firewall management process and procedures, device features, and security device configurations.
  • Evaluations of security technology policies for remote access, network segmentation, server protection, authentication, and firewall design.
  • Upgrades and updates to firewall software and settings, performed as necessary to ensure optimum performance and protection.

Penetration Testing

Penetration testing can be provided on an as-needed basis to help verify that vulnerabilities, such as unpatched software flaws, have been sufficiently addressed to minimize risk following a security assessment. This process is carried out by experienced security engineers on the Compuquip team, who can then use the results of the penetration testing to address any newly discovered weaknesses in the client’s network infrastructure.

Deliverables

Following the completion of a security audit, Compuquip delivers documentation to the client that includes:

Summary of Methods

An explanation of the methods used in the various steps of the audit so the client knows how they were executed and can verify the efficacy of the methods used.

Summary of Findings

A document detailing the vulnerabilities and issues discovered during the course of the assessment.

Remediation Priority Matrix

A set of recommendations for prioritizing the fixes to be applied following the audit’s conclusion based on its findings.