Security Assessments

Security Assessment

The Fastest Way to Expose Security Threats and Vulnerabilities

  • Description

    Your IT Security Assessment will consist of the following elements:

    • Security Risk Report. This executive-level report includes a proprietary Security Risk Score along with summary charts, graphs and an explanation of the risks found in the security scans.
    • Security Policy Assessment Report. A detailed review of the security policies that are in place on both a domain wide and local machine basis.
    • Shared Permission Report. Comprehensive lists of all network “shares” by computer, detailing which users and groups have access to which devices and files, and what level of access they have.
    • User Permissions Report. Organizes permissions by user, showing all shared computers and files to which they have access.
    • Outbound Security Report. Highlights deviation from industry standards compared to outbound port and protocol accessibility, lists available wireless networks as part of a wireless security survey, and provides information on Internet content accessibility.
    • External Vulnerabilities Full Detail Report. A comprehensive output including security holes, warnings, and informational items that can help you make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This is an essential item for many standard security compliance reports.
    By performing regular security health checks, you can protect your assets, guard against downtime, and sleep better at night.
    Remember your network is always changing, and what was secure yesterday might be exploitable or have vulnerabilities today. That’s why you need a “regular IT security check-up.”
    • An improperly secured network will spread worms, viruses, and spyware – which can lead to downtime, repairs, and even a breach of data – all of which can be extremely costly.
    • New machines and devices might be added to a network without their knowledge – sometimes even brought in from home. Since these devices, generally, do not share the same corporate security settings and tools, they pose a very real security risk.
    • Users should have their access rights regularly verified and documented to reduce the risk of unauthorized access. Additionally, when a new user joins the company, or an existing user changes roles, there should be a verification process to ensure that the proper permissions are set.
    • Active Directory can be complex. A seemingly innocuous change to Group Policy can have very subtle inheritance – giving users access to network shares and data that they should not have. Do the sales people really need access to the company payroll? Solid documentation is necessary to show who had access to what at any given point in time.
    • Depending on the nature of your clients’ organization, many certifications require scheduled vulnerability scans and user audits to maintain network certification.
    For all these, and many more reasons, you deserve the protection that will receive with the Correct Compliance Security Assessment Module
  • Reports

    CHECK OUT THESE SAMPLE REPORTS TO SEE WHAT YOU GET IN THIS MODULE

    Network Security Risk Review. This report includes a proprietary Security Risk Score and chart showing the relative health (on a scale of 1 to 10) of the network security, along with a summary of the number of computers with issues. This powerful lead generation and sales development tool also reports on outbound protocols, System Control protocols, User Access Controls, as well as an external vulnerabilities summary list.
    Network Security Management Plan. Network Management Plan This report will help prioritize issues based on the issue’s risk score. A listing of all security related risks are provided along with recommended actions.
    Network Security PowerPoint. Use our generated PowerPoint presentation as a basis for conducting a meeting presenting your findings from the Network Detective. General summary information along with the risk and issue score are presented along with specific issue recommendations and next steps.
    External Vulnerabilities Scan Detail Report. A comprehensive output including security holes and warnings, informational items that can help make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This is an essential item for many standard security compliance reports.
    Outbound Security Report. Highlights deviation from industry standards compared to outbound port and protocol accessibility, lists available wireless networks as part of a wireless security survey, and provides information on Internet content accessibility.
    Security Policy Assessment Report. A detailed overview of the security policies which are in place on both a domain wide and local machine basis.
    Share Permission Report. Comprehensive lists of all network “shares” by computer, detailing which users and groups have access to which devices and files, and what level of access they have.
    User Permissions Report. Organizes permissions by user, showing all shared computers and files to which they have access.
    User Behavior Analysis Report. Shows all logins, successful and failure, by user. Report allows you to find service accounts which are not properly configured (and thus failing to login) as well as users who may be attempting (and possibly succeeding) in accessing resources (computers) which they should not be.
    Login History by Computer Report. Same data as User Behavior but inverted to show you by computer. Quite useful, in particular, for looking at a commonly accessed machines (file server, domain controller, etc.) – or a particularly sensitive machine for failed login attempts. An example would be CEO’s laptop – or the accounting computer where you want to be extra diligent in checking for users trying to get in.
    Login Failures by Computer Report. Report identifies users who have succeeded in logging in to another machine. Great for auditing/logging purposes to know of all attempts.