This SecureTrace service delivers a more broad and all encompassing Security Assessment review for organizations. It goes beyond mere electronic reconnaissance and probing. We will...
- Find vulnerabilities before the bad guys do.
- Identify and prioritize computing network infrastructure threats, vulnerabilities and risks.
- Analyze how threats can compromise data integrity, privacy and availability.
- Review organizational process flow for gaps.
- Translate findings into understandable language for executive leadership.
and much much more. Including reviews of the following organizational operating areas:
We review documentation for quality and thoroughness. Unfortunately, this is a common weakness within organizations. Technical people in charge of security infrastructure usually do not have a propensity for writing.
Emergency Change Procedures
Expedited changes such as those that are put in hurriedly to resolve system outages can introduce security holes into an environment. When circumventing normal change processes, it is important that follow up and reviews are conducted to keep an organization in compliance with business as usual standards.
Testing and Product Certification
Most organizations test products and code for functionality and stability, but fail to properly test for security functions. Often it is assumed that the default configuration supplied by well know vendors is adequate. However; even top security vendors distribute software and hardware that is less secure then it should be to ease implementation of their customers.
Life Cycle Management
This area is often a problem for larger organizations who run infrastructure too long in their environment. Longevity in use is good for ROI but is generally bad for security. Sometimes companies run devices that are officially out of support by vendors.
In the ever changing world of security, companies must invest in those responsible for the daily upkeep of the fort. This means training. Whether it is internal or external, online or in person, involves certification or not, we will review the training plan and make recommendations to keep up with today's industry standards.
Data Encryption Policies
To encrypt of not to encrypt, that is the question. Nothing provides more security coupled with more inconvenience. Ever lose the password to an encrypted data store?
Cell phones are one of the newest sources of heartburn for security professionals. Downloading and installing apps from Apple or the Google play store might seem safe. After all, they do scan those apps for malicious code right? Yes, but the bad guys circumvent those protections as they do so many others.
Nothing haunts organizations more than users clicking away at links inside their emails. Data loss, viruses and ransomware all love to hitch a ride on client initiated connections.
User ID and Passwords
Even after decades of security consciousness, this area is still one of the biggest thorns in the side of organizations. Regular password changes with minimum complexity requirements is not enough. Validating users with not so personal details like birth dates and maiden names has become another problem bad guys take advantage of.
Proper user termination procedures is critical. It helps to have a SSO solution to minimize this work, but even then many failures occur in this area.
Many organizations have software to help them manage their software versions. This is especially true of large organizations, but they often end up with a pile of data so large that it is difficult to take action on.
Locks on data center doors and security guards are great, but they won't stop the seriously determined. Physical security of cabinets. boot media ports, shipping centers, and even the original manufacturing facility of hardware some into play depending upon the level of security needed.
Segmentation of Duties
Being a super admin is fun and convenient, but not the best idea. Splitting up duties not only makes business sense from a resource efficiency perspective, but it makes sense for security as well.
Interview of Security Administrators
You might think that speaking with those in charge of security wouldn't result in many revelations. After all, do they really want to tell on themselves? Actually, yes. Security admins are generally happy to discuss their problems.
Schedule your free consultation to discuss you assessment today!