Audit & Assessment

Network Audit

Periodically assessing the health and efficiency of your network is important to ensure your network is still performing at its best and providing maximum value for your business.

Our senior network & security engineers will perform a performance and capacity health check of your network in order to identify existing or upcoming performance issues, advise on ways to overcome these problems and make recommendations for your network capacity planning.

Network Security Assessment

Firewall Audit & Clean-up

A firewall rule base is a set of rules that determines what is and what is not allowed through the firewall. Over time, firewall rule bases tend to become large and complicated. It’s not unusual for firewalls to have many hundreds or even thousands of rules, many of which were rendered obsolete when IT operations added new rules to meet business requests but neglected to remove any old ones. Firewalls that have been in place for a few years most likely include rules that are partially or completely unused, that have expired, or that overlap or "shadow" each other.

When the rule base becomes big and tangled, it starts to affect firewall performance, it becomes difficult to maintain and it can conceal real security risks. In addition, several information security standards require clean-up of unused rules and objects. For better performance, stronger security and compliance with regulations, it is therefore strongly recommended that you clean up those rule bases.

Our senior network & security engineers will use a best practices checklist or a firewall management tool for cleaning up the rule base of your firewalls.

Vulnerability Scan

A vulnerability scan is used to assess computers, networks or applications and to discover known system weaknesses. It identifies and detects vulnerabilities arising from misconfigurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc.

Authenticated scans (using system credentials) will provide detailed and accurate information about the operating system and installed software, including configuration issues and missing security patches. Unauthenticated scans will determine the security posture of externally accessible assets.

Our information security officer will perform a vulnerability scan in order to identify potential vulnerabilities on your network components.

Penetration Testing

Penetration testing is the process of evaluating the current security state of a system or network to find vulnerabilities that an attacker could exploit to gain unauthorized access to systems and information. This process involves identification of security weaknesses that may result from improper security configuration of systems or applications and known or unknown vulnerabilities in hardware or software systems.

Penetration testing provides insight into your organization’s current state of security, discovers possible ways to penetrate and tests the effectiveness of the security countermeasures.

We perform 2 types of testing:

External penetration testing

Performed remotely with no internal access provided to our security experts. The goal is to identify and classify the weaknesses and penetrate the internet-facing IT assets of an organization such as firewalls, web or email servers, VPN concentrators, gateways, etc.

Internal penetration testing

Performed from within the premises of your organization, usually to identify and classify the threats and vulnerabilities in the internal network posed by someone who already has access to the organization’s network, such as an employee, contractor or guest. It also helps an organization to determine its compliance with global or local policies, standards and procedures in terms of information security, data protection and network segmentation.

Our penetration testing service will use a combination of automated and manual scanning methods and will utilize commercial and publicly available tools as well as custom scripts and applications. Our information security officer will explain the findings (threats) of this security assessment and provide you with recommendations on how to improve your security posture.

Information Security Governance

Risk Assessment - ISO 27001

An information security risk assessment aims to identify and characterize the inherent and/or residual risks within an organization’s information security systems, policies and procedures (according to the scope of the assessment). It’s mainly a theoretical, hands-off exercise (workshop sessions) in which staff and managers within and familiar with the scope area, plus other experts in risk and control, discuss and theorize about the risks.

Our information security officer will help you perform an information security risk assessment.

Information Security Management System (ISMS) Audit - ISO 27001 & NIS

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. ISO 27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement and corrective and preventive action.

An information security management system audit involves assessing the inherent risks within an organization’s information security systems, policies and procedures (according to the scope of the assessment). Auditors go on to check and validate the controls actually in place in order to determine whether the residual risks are sufficiently mitigated or contained. Audit fieldwork is very much a practical hands-on exercise.

Our information security officer will help you to define the policies and procedures needed to set up your information security management system and to perform an internal audit in preparation for an external audit to achieve ISO 27001 certification.