- Minimize business risk.
- Internal data access controls.
- Comply with legal & regulatory requirements.
- Information Security and Availability.
- Review IT policies and procedures.
- Verify IT configuration and versioning.
- Develop an appropriate test strategy.
- Test controls to ensure effectiveness.
- Catalog control deficiencies.
- Record policy and procedure weaknesses.
- Find lapses in data access safeguards.
- Identify deficiencies in physical security.
Network Performance Audit
- Examine network design documentation.
- Create configuration database with version control.
- Observe latency, throughput, error rate, and QoS.
- Comprehensive Reports.
- Performance issues found.
- Deficiencies in documentation.
- Deficiencies in configuration management.
- Recommendations for improvement.
- Identify internal and external vulnerabilities.
- Quantify and Prioritize risks.
- Discover assets and track ownership.
- Identify rogue devices.
- Propose solutions for mitigation.
- Compliance based Reports — PCI, HIPAA, GLBA, FISMA, & SOX.
- Best practices (ITIL, OSSTMM, ISO 27001)
Active Directory Audit
- Security Issues presented by AD
- Bad actors using AD for persistent attacks.
- Attackers modify logs to remain undetected.
- Test for vulnerabilities
- Uncover excess access permissions.
- Identify stale user and computer accounts.
- Trace AD Changes to users making them.
- Review group policies and their assignment.
- Look for brute force attacks.
- Report vulnerabilities and mitigation options.
Perimeter Penetration Tests
- Reconnaissance - Gather details of the network.
- Network Scanning
- Port and vulnerability scans.
- Locate entry points that can be targeted.
- Penetration - find exploitable vulnerabilities.
- Comprehensive report
- Report identified vulnerabilities.
- Propose options to resolve them.