Information Security, IT Audits, and Penetration Testing
We can assist you with Information Assurance / Cyber Security issues. As part of our services, we provide an IT Security Audit designed to assess security and suggested remediation and risk management. Our cyber security audit includes personnel interviews, vulnerability assessments, analysis of computer security policies, and network penetration testing. Some important issues related to computer security and access include the determination of how difficult are passwords to crack, whether proper access protocols have been implemented, whether access logs are maintained appropriately, and whether proper security software is installed.
A proper information security plan addresses:
- Access management: This determines who can access what resources and what kind of authentication is required.
- Access control: This is tied to access management. Access controls verifies that users who have access to certain assets stay within the authorized access areas.
- Intrusion prevention and detection: This issue derives from access control. Simply stated users from within or from outside of the organization may attempt to exploit known vulnerabilities.
- Vulnerability management: Once the organization's access controls are properly managed and intrusions prevented, the next step is to identify other system vulnerabilities.
Information security assessments help ensure business continuity and also minimize damage by preventing damage caused by security incidents. Skilled hackers and even “script kiddies” may target your organization for its information or computer resources. Through a security assessment, AVM Technology can perform a “controlled break” into your business systems. The goal is to determine vulnerabilities and provide recommendations on how to correct them before a hacker steals your business data or causes permanent damage.
A proper information security assessment includes a comprehensive testing of the organization’s infrastructure. Are the systems secure enough to withstand a basic attack from outside, through penetration testing? Is the information secure from insiders through appropriate access controls and privilege management? Are the employees and members of the organization aware and ready to confront a well-designed social engineering attack?
Some of the aspects that we look at as part of an AVM Technology security audit assessment include:
- Physical & Environmental Security - Generally not a significant part of our information security audit, as we expect clients to have adequate physical security.
- Computer & Network Management
- System Access Control - This includes penetration testing attacks on your system to ensure adequacy.
- Continuity Planning
- System Maintenance and Development