Independant Certified Third Party Vulnerability Assessment
Security Counselors can provide your organization with an objective, complete, and affordable assessment of your regulatory compliance posture with regard to computer and network security. This
independent third party assessment will provide proof that your
organizations network is secure and show that you are taking all
available steps to prevent systems compromise and loss of vital
business data.
Whether you're a clinical research organization conducting a drug device trial or you're a toy manufacturer worried about safety, Evaluation and Testing is the accepted Best Practice Approach. In the same way you evaluate data to make improvements in your process or product, testing and evaluation is the only real world method of improving your business security.
Vulnerability Assessment Testing
Our Vulnerability Assessment Service
involves scanning and probing a network using sophisticated tools to
determine how an information resource can be compromised. The resulting
report will list each device visible at the perimeter, its attributes,
and it's vulnerability to hacking. Each vulnerability will be identified with a severity level suggesting the priority these should be addressed.
Ask about special pricing for V.A. Subscriptions, available semi-annually or quarterly.
Don't forget about your International Sites! Many
organizations put less emphasis on their field sites, especially the
international locations. Our personnel have experience evaluating sites
in Africa and Asia to provide a complete analysis of your organization.
Vulnerabilities
A weaknesses in a computer or network that leave it susceptible to potential exploitation such as unauthorized use or access. Vulnerabilities include but are not limited to weaknesses in security procedures, administrative or internal controls, physical configuration; or features or bugs that enable an attacker to bypass security measures.
Threats
A threat is the means through which a weakness can be exploited to adversely affect a network or supported systems. A threat is possible only because the system is vulnerable to that particular threat. Generally fall into three broad categories:
A person (careless oversight, lack of training, malicious or criminal intent)
A thing (a faulty piece of equipment)
An event (a power outage, fire, or flood)
Vulnerability Assessment and Penetration Testing can be conducted using one of two approaches.
Black Box Testing
Black
Box testing is conducted with no prior knowledge of the infrastructure
to be tested. Some argue that black-box testing simulates a true
web-hacking attack, beginning with nothing but the client's corporate
name. During the reconnaissance phase the evaluator will gather
information about the network and the business from outside sources.
Tools and techniques are employed to gather useful information about
the business and map the target network. Then the network will
be probed for vulnerabilities and exploited based on the network map
created from the reconnaissance.
White Box Testing
White
Box testing is conducted with complete knowledge of the network
infrastructure. White-box testing has fundamental similarities to Black
Box testing but assumes full knowledge of the client's organization and
network infrastructure from the outset. System design and
implementation documentation is often provided. There is no assumption
that the provided information is accurate however and all details will
be verified.
Which Is Right For You?
Both approaches have merit.
Black
Box testing is seen in the industry as more true to what a real
external hacker may attempt but it often takes longer, some network
components may be missed, and it almost always costs a great deal more.
White
Box Testing tends to provide a greater business value due to the
efficient use of shared information about the network ensuring that no
components are missed and the exclusion of the reconnaissance phase.
Security
Counselors is experienced in both methods and can undertake a
Penetration Test or Vulnerability Assessment using either technique.
ContactSecurity Counselors to discuss which options are right for you.