Network Security Evaluation

The main purpose of a security evaluation is to discover vulnerable points in the architecture of an IT infrastructure. Penetration testing alone is not enough to discover these weaknesses: the main purpose of a penetration test is to bypass existing security mechanisms rather than to check the entire architecture. Examples of areas that a penetration test can miss but that a security evaluation identifies include local antivirus policy and updates, user privilege separation and management, confidential data processing, and safe storage and encryption. All these points are assessed and reported on during the security evaluation process.

Sample of the assessments performed during a security audit:

  • Network Architecture and Configuration
  • Hardware Firewalls and Routers Configuration
  • User Authentication and Access Management
  • Updates and Patches Management
  • System Configuration
  • System Services and Applications Configuration
  • Antivirus Software Management
  • Confidential Data Handling and Encryption
  • Backup System Management
  • Local Security Policy Review
  • Presence and Qualification of Internal Incident Response Team
  • Physical Security

Assessment results will identify the most important and critical IT threats and risks to business processes so that they can be properly addressed. All this makes a security audit an indispensable solution for independent and comprehensive security testing that can reveal vulnerabilities and weaknesses within your IT infrastructure.

Information Risk Assessment

Through its information risk analysis methodology, Cautela Labs helps you analyze business information risk and select the right controls to mitigate that risk.

Professional Services


Services that help federal agencies and their affiliates with their FISMA compliance efforts, improving security controls in accordance with NIST SP 800-53.