CUCIT’s Standard Security Audit & Assessment service (SSAA) provides the cornerstone of a company’s information security risk management program. CUCIT Security Services experts examine the administrative, technical and physical security controls that a company uses to protect its computing environment. The resulting report provides a solid basis for designing and implementing cost-effective information security controls.
CUCIT’s SSAA Consulting Services
To provide an SSAA, CUCIT Security Services consultants perform the following tasks:
DETERMINE THE STATUS OF A CLIENT’S INFORMATION CLASSIFICATION PROGRAM. CUCIT security consultants collect data and information from interviews, company documents, network diagrams, etc., to determine the organization’s approach to information security.
DOCUMENT CRITICAL BUSINESS ASSETS. Security consultants analyze company data to identify the client’s critical assets, such as business-critical information, processes, networks and systems. CUCIT’s experts analyze the network topology and configurations to identify weaknesses in design or implementation that may impact the security of the company’s network systems.
ADMINISTRATIVE SECURITY ASSESSMENT. CUCIT evaluates the organization’s administrative security controls, such as information security policies, standards and procedures, to determine shortfalls.
PHYSICAL SECURITY ASSESSMENT. Security consultants check the company’s facilities and physical access controls, as well as the overall environment, communications and infrastructure support mechanisms, to determine their effectiveness in protecting the company’s computing environment.
TECHNICAL SECURITY ASSESSMENT. CUCIT evaluates the company’s information security implementation and configuration management. The vulnerability assessment is conducted using automated tools as well as direct, hands-on proprietary techniques, where appropriate.
CONTROLLED INTRUSION TEST. A controlled intrusion test proves that identified vulnerabilities can be exploited. Using common hacker techniques and a suite of commercial, proprietary and freeware tools, the assessment team tests the company’s Internet-external systems. Unlike traditional “penetration tests,” where actual damage to systems and data often occurs, CUCIT’s “controlled intrusion” approach minimizes the likelihood of damage. Furthermore, our team quickly advises the client if it detects a critical vulnerability that could seriously impact the company’s corporate functions, so immediate remedial action can be taken.
DEVELOP INFORMATION SECURITY ROAD MAP. CUCIT helps clients understand where they are, where they need to be, and how to get there. The Information Security Road Map is a comprehensive listing of an organization’s information security vulnerabilities and recommended corrective actions. This enables the organization to develop a detailed work plan that allows the company to achieve its desired level of security.