How strong are your foundations?
Your challenge: ensure that IT security controls are in place to protect your business
Do you have an overall view of how effective your security plan is? Do you have the right IT security controls in place to protect the information that is critical to your business? Performing an IT health check provides senior management with an independent and holistic view of IT security, challenges and recommendations for improvements.
Our IT health check solution
We can undertake an analysis of your chosen systems and network to identify any vulnerabilities that may compromise the confidentiality, integrity or availability of the information you hold. We will help you scope your IT health check to ensure it is a worthwhile exercise and provides you with the correct level of assurance.
External testing
|
Internal testing
|
The scope for external testing should include systems that provide Internet services, such as email servers, web servers and other systems, like firewalls, that are in place to prevent unauthorised access from the Internet into your organisation.
If your organisation is dependent on third-party suppliers and they can access your systems from their own office locations, this should also be tested as an external connection.
|
This includes vulnerability scanning and manual analysis of your internal network. At a minimum, the scope for internal testing should include:
-
Desktop and server build and configuration, and network management security
-
Patching at operating system, application and firmware level
-
Configuration of remote access solutions (including solutions for managed devices and BYOD)
-
Build and configuration of laptops and other mobile devices, such as phones and tablets used for remote access
-
Internal security gateway configuration (including PSN gateways)
-
Wireless network configuration
-
Database configuration security review
-
Firewall configuration security review
The testing should include representative vulnerability scanning across the entire network, covering end-points, servers, devices and appliances, and credentialed scanning of device applications. The scanning needs to include applications on devices, this is typically achieved through credentialed vulnerability scanning. In organisations with a large number of devices, you may conduct sample testing: the size of the sample must be no less than 10 per cent of your estate.
|
External testing
|
The scope for external testing should include systems that provide Internet services, such as email servers, web servers and other systems, like firewalls, that are in place to prevent unauthorised access from the Internet into your organisation.
If your organisation is dependent on third-party suppliers and they can access your systems from their own office locations, this should also be tested as an external connection.
|
Internal testing
|
This includes vulnerability scanning and manual analysis of your internal network. At a minimum, the scope for internal testing should include:
-
Desktop and server build and configuration, and network management security
-
Patching at operating system, application and firmware level
-
Configuration of remote access solutions (including solutions for managed devices and BYOD)
-
Build and configuration of laptops and other mobile devices, such as phones and tablets used for remote access
-
Internal security gateway configuration (including PSN gateways)
-
Wireless network configuration
-
Database configuration security review
-
Firewall configuration security review
The testing should include representative vulnerability scanning across the entire network, covering end-points, servers, devices and appliances, and credentialed scanning of device applications.
|
Advantages of completing an IT health check
-
External systems are protected from unauthorised access or change, and do not provide an unauthorised entry point into systems that consume PSN services.
-
Internal systems have no significant weaknesses on network infrastructure or individual systems that could allow one internal device to intentionally or unintentionally impact on the security of another.
Benefits of working with us
-
We can help set the scope to save you time and money and provide you with the correct level of assurance.
-
Our penetration testing services are accredited to the exacting criteria set by CREST, and can provide you with the technical assurance you need from an information security partner.
-
Whether we test your applications, networks, employees or your team, you will be armed with new ways to strengthen your organisation’s security posture against cyber threats.
-
We will communicate any issues or remediation recommendations in a clear and jargon-free way, understandable by your engineering and senior management teams alike.
-
Identify pragmatic and cost-effective solutions to achieve PSN compliance by addressing how processes, systems and IT infrastructures need to change.
Companies using our testing services:
Speak to an expert
Please contact us for further information or to speak to an expert.
Contact us