Information Security Assessment Services


Secure20 provides comprehensive end-to-end security services that can assist you in quickly determining your company’s business and technology risk levels and vulnerabilities. In today’s fast-paced technology environment, it is essential for all companies to make security a high priority to protect the privacy of their customers, their systems, and their information assets. Secure20 provides clients with complete security assessment services as described within this brochure.

Secure20 can provide you with expert technologists and security professionals to evaluate the overall security of your networks, platforms, and applications based on your business and your unique requirements.  Once vulnerabilities and exposures are identified, our team works with your organization to fix immediate issues. We then work with you to develop a formalized business case for justifying future security expenditures based on levels of risk to the organization.  We determine your security vulnerabilities using state-of-the-art tools and proprietary methodologies to analyze networks and applications for intrusion vectors.  We support all our findings and recommendations with formal documentation that can become a foundation for your security infrastructure.

Do you understand the risks and vulnerabilities within your company?

The rapid pace of network, platform, and applications development has opened up risks and vulnerabilities often unforeseen by technical and management staff. These vulnerabilities may exist in any of your processing environments, and a successful break-in may damage your company’s reputation, impact future sales, result in loss of customer confidence, and lead to various legal and regulatory ramifications.

What must I do to identify risks and exposures?

Finding weaknesses in your security implementation is crucial to the success of your company and its reputation.  Secure20 offers its clients a full range of assessment services that will assist in identifying and mitigating security risks and exposures in a timely manner. This work is done by Secure20’s highly qualified professional services team using proven security processes and tools that will effectively uncover any security flaws in your environment. When complete, our professionals will meet with the appropriate groups within your company to understand your processing environment and create a plan to find existing risks and vulnerabilities in those systems considered mission-critical to your company. 

What Types of Assessments does Secure20 offer?

Enterprise Security Assessment

The Enterprise Security Assessment includes an in-depth review of your organization’s IT security processes and related documentation selected from the following areas:  security policy and standards, security organizational structure and management, asset classification, system access controls, monitoring controls, business continuity readiness, change control processes, and compliance to industry standards of due care.

Application Security Assessment

The Application Security Assessment will include an end-to-end review of the application’s overall architecture, interfaces, and control mechanisms to ensure security, integrity, and availability.  The review will assess the controls surrounding the application and its data to ensure that while in storage and in transmission the data is secure from unauthorized access. A review of the security processes supporting this application will also be performed to ensure that only authorized personnel with a need-to-know will have access to the programs and data. Comprehensive audit records and reporting trails are crucial in determining the series of events leading up to a security breach.  Our review will determine the adequacy of these audit mechanisms and recommend solutions as appropriate. 

 

Network Security Assessment

The Network Security Assessment will include:

  • An in-depth review of your overall network architecture to determine how effectively it prevents untrusted outside networks from gaining access to your internal trusted networks and systems.
  • A review of your internal network design to determine whether proper segmentation is achieved to prevent unauthorized access.
  • A review of the security design of your selected internal network security components (routers, remote access servers, bridges, gateways, etc.) to determine whether any of their functions, or their placement in the architecture, could cause undesirable results.
  • A test designed to exercise the security components within the scope of the project. We attempt to gain unauthorized access to portions of your internal trusted network from the perspectives of a trusted insider or an outsider who has penetrated your external defenses.
  • A comprehensive review of the security management controls for the included components covering: policy, organization, personnel, asset classification and control, physical security, access control, change control, network and computer management, virus protection, business continuity, systems development and maintenance, and compliance.

System Security Assessment

The System Security Assessment will include a comprehensive review of the security management controls for the included components covering most logical access controls for networks and computer applications.

A review of configuration parameters for each operating system and network component within the scope of the project will determine how each one allows users access when they are, or are not, in compliance with your security policy.  

Physical Security Assessment

The Physical Security Assessment will evaluate the effectiveness of existing controls to monitor and control physical access to the company and sensitive areas within the company. This review will look at the following areas for effectiveness:

  • Perimeter review
  • Monitoring controls (cameras, reports, alerts)
  • Security guards and placement
  • Cardkey systems
  • Power monitoring and backup service
  • Contingency plans
  • Fire detection
  • Water leakage detection
  • Alarms
  • Escalation procedures
  • Evaluation procedures
  • Security administration

 

Internet Security Assessment

The Internet Security Assessment will include a review of your overall network, platform, and applications architecture to determine adequacy of design and security controls to protect the company from external hackers.

This review will focus on security configurations within associated routers, switches, firewalls, web servers, application servers, etc. This will ensure proper configuration and controls to mitigate the risks of unauthorized access.

Specifically, the review will look at security of items such as:

  • CGI scripts
  • Access control mechanisms
  • Authentication and permissions
  • Security configuration settings
  • Encryption standards
  • Security for network interfaces
  • Security for trusted environments
  • Intrusion detection monitoring
  • Security administration
  • Platform-specific security considerations
  • Release and change controls
  • Browser security
  • Patch management
  • IP protocols used
  • Backdoors and Trojan Horse programs
  • Partner network connections
  • Denial-of-service protections
  • Web server weaknesses
  • Password control weaknesses
  • Remote access vulnerabilities

Financial and Regulatory Assessment and Compliance Services

To ensure that your organization is in complete compliance with regulatory laws and internal policies, Secure20 offers IT Audit experts who have many years of experience auditing complex systems for numerous financial institutions.

Are you in compliance with these new and complicated programs and regulations?

For more information about Secure20 services, please consult our FAQ page and download our Services Overview document in PDF format.
