IT Security Review, Audit, Testing, and Consulting Services
If there is a weakness in your IT security system, wouldn't you prefer to find it before someone else does?
From time to time mistakes are made and security is overlooked. The best way to identify these types of security issues is through regular independent information security reviews. You may have a team of seasoned security experts on hand, but often they are too immersed in your environment to see the forest for the trees and scrutinise their own work or a peer's. That's why many regulatory and compliance standards now recommend or mandate routine independent security tests.
When it comes to choosing the correct testing method, there is literally a sea of acronyms and confusing terminology. So how do you choose the correct approach for your environment, security appetite, and budget?
Sense of Security has simplified your choice to just a few options that will cover almost all requirements. Whatever assurance you need that your systems are secure, we will design a testing program that will address your concerns from multiple threat perspectives.
A security audit is a security assessment against organisational standards, regulatory and compliance requirements, or industry best practice. The testing can take many different forms, including configuration reviews, vulnerability assessment or penetration testing, and standards compliance.
- Configuration reviews - involve us reviewing the implementation of a system against organisational standards or industry best practice. Every setting of the system is benchmarked against a set of agreed criteria, the impact and likelihood of each gap are assessed, and a recommendation is reported for each deficiency to improve your security.
- Vulnerability assessment and penetration testing - use tools and techniques similar to those the hacker community uses in an attempt to breach the security of your systems. The idea is that if we can find holes using this mindset, then potentially nefarious individuals on the internet can too. Of course, we do this in a structured way that minimises your risk, and we write a comprehensive and actionable report at the end of the security test so that you can close any gaps.
- Standards compliance - involves assessing an organisation against a set of defined criteria. This may involve us conducting workshops, interviews, or reviewing documentation. In all cases supporting evidence is collected and reviewed to provide you with an accurate picture of your current position. The outcomes may require changes that affect people, process, or technology.