esureity.com Welcome to eSureITy - Vulnerability Assessments


Vulnerability Assessments

Technically, a vulnerability assessment is a detailed study of the security infrastructure of an organization's network. At eSureITy, we realize that organizations striving to attain compliance need more than a few simple scanning tools and a “Point and Click” report. GLBA, SOX, FFIEC, SCADA, HIPAA, and others have many clearly defined requirements that exceed the capabilities of simple scanning and reporting. Our experienced team utilizes a process containing over 125 steps that is designed to provide the audit community with evidence of compliance attainment as well as clearly defined remediation steps for the vulnerabilities and risks that are discovered. Our team knows it is as important to provide a clear and understandable roadmap to security and compliance attainment as it is to simply uncover vulnerabilities.

Many of the Vulnerability Assessments that we have reviewed during our assessment engagements focus solely on the vulnerability and tend not to provide clear guidance on remediation. Additionally, many reporting formats do not strive to provide evidence of existing compliance attainment; this is an important “Missing Link” in the assessment process. To this end, EVERY report that you receive from eSureITy will have clearly defined findings and recommendations that can be used to effect the changes necessary to demonstrate compliance and security to the audit community.

eSureITy assessment evaluations include the following internal and external options:

External Vulnerability Assessment (eVA)

eSureITy Information Security Analysts will conduct an examination of the potential vulnerabilities to a perimeter network to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorized access. On an engagement-by-engagement basis, our assessment process is tailored to meet your institution's unique requirements in support of GLBA, SOX, HIPAA, SCADA, NERC and other compliance and security requirements.

Our process includes the following primary assessment criteria:

  • Perimeter Host Security
  • DNS Server Security
  • HTTP & Web facing Server Security
  • Messaging Server Security
  • Intrusion Detection Sensor / Intrusion Prevention Sensor Security
  • Incident detection and response

Examination of the potential vulnerabilities to the perimeter network will be performed under the premise of both a “Zero Knowledge” attack and a “Full Knowledge” attack, using a clearly defined two-stage approach that gathers publicly available information from public records and websites on the Internet to discover potential security exposures. In addition, physical sites, systems and applications will be probed to identify potential security weaknesses and candidates for penetration testing. The eVA final report will include a grading format ranging from Severe to Low with clearly defined recommendations for remediation.

Internal Vulnerability Assessment (iVA)

eSureITy Information Security Analysts will conduct an examination of the potential vulnerabilities to internal network(s) to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorized access. On an engagement-by-engagement basis, our assessment process is tailored to meet your institution's unique requirements in support of GLBA, SOX, HIPAA, SCADA, NERC and other compliance and security requirements.

Our process includes the following primary assessment criteria:

  • Overall Security Process
  • Information Security Policy and Risk Assessment Processes
  • Network Security
  • Logical and Administrative Access Controls
  • Personnel Security
  • Encryption
  • Malicious Code
  • Systems Development, Acquisition, and Maintenance
  • Logging and Data Collection
  • Service Provider Oversight
  • Business Continuity and Disaster Recovery
  • Intrusion Detection and Response
  • Security Testing

The Final Report will include a grading format ranging from Severe to Low with recommendations for remediation.

Comprehensive Vulnerability Assessments (CVA)

The Comprehensive Vulnerability Assessment service offers a complete on-site assessment of your enterprise security infrastructure and information security posture that helps your staff defend and maximize your company’s valuable information assets. This important service assesses the technical security of your company’s computer systems, the physical security of your material workspaces, and the soundness of your company’s information security policies, procedures, and processes. A CVA provides a comprehensive and holistic approach to validating, and thus strengthening, your company’s enterprise security program. Comprehensive Vulnerability Assessments are customized engagements in support of customers who are seeking an enterprise approach to internal and external security and compliance assessments.

eSureITy is an international information technology assessment and consulting services provider that delivers world-class solutions including: auditing, assessment, management and attainment of enterprise security and regulatory compliance.

*All VA tests are performed using a methodology which conforms to the Information Systems Audit Standards issued by the Information Systems Audit and Control Association (ISACA). Additional sources of testing procedures include CERT/CC, the SANS (SysAdmin, Audit, Network, Security) Institute and NIST (National Institute of Standards and Technology).
