|
Intrusion Testing Methodology Overview
A Security Posture Assessment is the starting point for establishing
the baseline of the organization's ability to provide a low level
of risk of compromise. Every company needs to assess their security
posture, but not every manager knows where to begin or what needs
to be done to meet today's requirements. Prism's consultants have
been performing security assessments for large corporations and
small specialized businesses since 1996. Prism's security professionals
customize an approach based on our clients' individual environments
and produce a customized report combined with technical recommendations
to address any issues or vulnerabilities discovered while performing
the security assessment.
In each assessment, client-specific requirements are used to establish
the Statement of Work and a detailed proposal is provided to ensure
that the client understands the process and the deliverables, which
are designed to achieve the corporation's long-term goals. At all
times, throughout the process, the client is in contact with assessment
personnel to ensure that the deliverables of the engagement are
met. Where clients are unsure of their needs, the consulting team
can provide the parameters based on industry-specific "best
practices".
Security Posture Assessments can be done from several perspectives
and customized for individual corporate requirements. Examples of
assessments previously done for Prism's clients include:
Perimeter Security Posture Assessments
Internet server assessments
Internet intrusion tests
Phone line scans (war dialing)
Firewall configuration assessments
Wireless configuration assessments
VPN configuration assessments
Internal Network Security Posture Assessments
Internal server security assessments
Internal network security assessments
PBX configuration assessments
Other customized assessments can also be designed at the client's
request.
Many consulting firms will not or cannot provide references for
security assessments, however, when necessary, Prism can provide
references to potential clients, usually within their own industry,
on an individual basis.
Assessment Methodology Overview
Prism's Internet SPA methodology employs both automated assessment
tools, to quickly identify historical vulnerabilities, as well as
a manual assessment to ensure false positive results are identified
and vulnerabilities related to architecture and other networking
problems are highlighted.Our standard assessment reviews the status
of the entire Internet infrastructure security, based on as much,
or as little, information as the customer cares to provide.
At the completion of the assessment, Prism provides a written report
of the findings as well as recommendations for corrective action
to address any vulnerabilities or other issues detected during the
engagement.
A Security Posture Assessment performed by Prism provides corporations
with the information required to assess risk management, while improving
the site's overall security posture.
|
Security
Posture Assessments