A security audit provides a comprehensive report on the status
of your security system as it is today. There are two types of audit,
which can be conducted together or separately.
A policy audit checks the security system against the organization’s
documented security policy, ensuring that policy is accurately reflected
in the security system rules and permissions.
A security system audit provides an independent review of the security
system and looks for weaknesses against industry best practice.
Why audit your security system?
- Security threats change and increase every day. Regular audits
will check that updates are being properly and regularly applied.
- An audit provides a baseline of the existing system from which
new investment can be accurately planned, avoiding excessive or
inappropriate expenditure.
- A policy audit will check that the security policies which
management has communicated are being adhered to.
- System audits will help spot any errors in configuration which
can leave vulnerabilities in the most secure products.
- Audits can help overcome 'rule-creep' as small system changes
over time cumulatively produce a significant shift in overall
system security.
- System documentation is checked to ensure that changes are being
properly recorded.
A security audit is vital before major new investment is considered
and should ideally be repeated at six-month intervals, as a top-up
to routine internal system management.
Datawiz Corp. security audits are carried out by a lead security
consultant and a report is delivered detailing the findings. Findings
are categorized into high, medium and low priority. Where appropriate,
recommendations for corrective action are made.
Audit Services
External Security Audit
An External Security Audit will
test your network devices and servers for vulnerability to a
wide range of exploits, viruses, worms and other common Internet
attacks. On completion of the audit, Datawiz will provide your
company with a detailed report containing the test results and
remediation recommendations.
Internal Security Audit
An Internal Security Audit starts with a threat-discovery
meeting in which specific security problems are defined. Typical
security problems include frequent virus outbreaks, unauthorized
access to sensitive email or documents, unauthorized network
bandwidth usage, or a lack of a well-defined company security
policy. A final report will be made detailing the problems,
risks, and recommended changes.
Real Attacks and Break-ins
The ultimate test of any network
security is to survive an attack by experienced and determined
crackers. Upon client request, Datawiz Corp. will attempt a
variety of attacks and break-ins on your machines that would
be typical of those most likely to target your company. If
you anticipate attacks coming from individuals with limited
resources and knowledge (e.g., "script kiddies"),
this can be a relatively inexpensive operation. However, if
you anticipate attackers with government or corporate resources,
a realistic attack can be more expensive to mount and may
require specialized hardware, personnel, travel expenses,
and other resources.
Among the services we can provide are:
- Machine Break-ins
- Domain Hijacking
- Denial of Service Attacks
- Cracking of user passwords
- Retrieval of sensitive documents
- Network insertion of backdoors, sniffers, viruses, etc.
- Physical Access to sensitive hardware or software
At the end of this process, you'll receive a detailed report showing
how we accomplished a given attack and identifying the security
weaknesses that allowed it. Recommendations will be provided to
correct the security flaws discovered and Datawiz Corp. can provide
Security Remediation Services to help correct such problems.