IT Security Assessment
SECCLOR’s Information Systems Security Audit enables an organization to quickly determine if fundamental security issues are present on a computer network. The Audit is comprised of an eight point analysis of independent areas of the network to quickly identify key areas of concern. While this assessment is not intended to act as a substitute for a comprehensive audit, it will provide sufficient information to identify the majority of threats.
Experience shows that up to 80% of the problems detected during the Audit can be quickly remedied, yet can create extreme havoc if uncorrected. The remaining 20% of the problems uncovered may require significant additional effort. SECCLOR’s eight point Information Systems Security Audit examines the areas considered to be the most susceptible for security breach.
EIGHT POINT ANALYSIS
- Cyber Vulnerability – Evaluates the network perimeter to identify common vectors used for exploitation by malicious users. Misconfigurations and unknown vulnerabilities can expose a company’s network to compromise from the outside world. In a matter of minutes, confidential client information could be stolen or systems could be infected with damaging malware causing them to be controlled remotely by a malicious user.
- Mail System Vulnerability – Evaluates the electronic mail system to determine the level of protection required to safeguard sensitive data. Unintended disclosure of message content and account information can be caused by opening or, in some cases, just receiving a harmless-looking e-mail message containing a harmful attachment.
- Remote Access Vulnerability – Determines potential security risks associated with remote access to internal systems. Misconfigurations on end-user systems, as well as internal servers, are oftentimes the root cause of unintended users connecting to internal systems leading to possible data loss or theft.
- Wireless Network Vulnerability – Detects the likelihood of unauthorized access to internal systems. Malicious users can easily connect to wireless networks containing default configurations or minimal encryption methods. Companies may also be unaware of employees intentionally or unintentionally using a personal wireless access point, which may be insecure and susceptible to network traffic being intercepted.
- Physical Access Vulnerability – Inspects the physical security around the environment containing sensitive data. Oftentimes, the physical aspect of securing a network environment is overlooked. Malicious users from both the inside and the outside may take advantage of this vulnerability, which could result in data being sabotaged or stolen.
- Internal Vulnerability – Identifies possible security risks within the perimeter of the network. Similar to Cyber Vulnerability, misconfigurations and unknown vulnerabilities can expose a company’s network to compromise from the outside world; however, there are much greater threats from within the network. If a malicious user gains access to the internal network, network perimeter “walls” are immaterial and all systems on the network are vulnerable.
- User Account Security Vulnerability – Reviews all user accounts, including password complexity, administrative access and user access. The most common method of protection used on a system is password protection. The use of passwords not in line with industry standards or system password policies not properly configured can leave systems vulnerable to exploit within a short time frame. Another common issue is data accessibility among unintended users due to improper user privileges.