Risk Assessment

To determine the strength of a company’s existing security programs, IPSec conducts a risk assessment that evaluates twelve different domains of security. Deficiencies in any of these domains leave a company open to attack, and our goal is to eliminate security concerns across all of them. Our risk assessments involve interviews of employees, followed by validation testing to verify that the security information gleaned from our interviews is accurate. Between our risk assessment and the penetration tests we conduct, IPSec generates a complete picture of a company’s current security profile.

In total, we evaluate a company’s security preparedness across a dozen domains, which are:

Policies and Procedures – These are the bedrock of any security program, and IPSec evaluates their content as well as their implementation.

Regulatory and Compliance – We analyze all regulatory efforts underway within a company to determine the efficacy of each one. We also look for gaps between regulation and compliance.

Network and Telecommunications Security – IPSec conducts a total review of each client’s network infrastructure and assesses its ability to protect the company. Our review includes frequently overlooked communication components like modem and VoIP.

Application Security – We evaluate the company’s efforts to build security into their software development lifecycle and their steps for addressing security risks in web applications.

Hardening Guidelines – IPSec evaluates the company’s hardening guidelines, which are the Minimum Security Baselines for protecting its systems.

External Presence – A company’s external presence is where it’s most vulnerable to attack. For that reason, we assess clients’ internet postures and their mechanisms for deterring attacks and security breaches.

Incident Response – IPSec looks through each company’s guidelines for responding to security incidents and looks for flaws and oversights.

Monitoring and Detection – Breach detection is just as important as prevention, so we analyze our clients’ ability to sense breaches and mitigate damage should one occur.

Third Party Vendor Management – IPSec investigates the third party vendors our clients use and looks for threats resulting from their products and practices.

Wireless and Mobile Security – IPSec assesses our clients’ mobile web usage and looks for any related security weaknesses.

Education and Awareness – Education is an often forgotten aspect of network security. We examine each client’s existing security education programs and propose solutions that improve the company’s security culture.

Physical Security – Physical security is old-fashioned but critically important to a company’s comprehensive protection. We round out our risk assessment by ensuring our clients are not overlooking essential physical security measures.