Vulnerability
Assessments
Security Associates Corp™
offers a complete portfolio of interrelated security services,
designed to assist organizations in assessing, measuring,
analyzing, and resolving information security vulnerabilities.
Security Associates offers
a comprehensive, in-depth assessment service that identifies
major risk areas within an organization's network and
environmental infrastructure. Security
Associates provides customized assessment solutions
that are focused on understanding the organization's underlying
business objectives, and creating a customized suite of
assessment solutions specifically tailored to the organization.
Security Associate's Vulnerability
Assessment Services help organizations understand potential
security exposures that can lead to a compromise of critical
information, and help organizations develop security strategies
that fit their business requirements and security needs.
The Security Associates Vulnerability Assessment Service
is comprised of multiple assessment components. Each of
these customized components can be included as part of
the overall assessment service. These assessment components
include:
-
Certification and Accreditation - identifies
system compliance gaps and offers remediation strategies
and management solutions to address any discovered
weakness. The C & A process incorporates interview
sessions with key personnel to analyze the overall
state of the information security environment, System
Test and Evaluation, SSP preparation, POAM creation, artifact
collection and Agency ATO/IATO if applicable.
-
Firewall Review - offers a comprehensive
review of the security of firewall deployment and
management to identify and address the risk of firewall
breaches and loss of critical information. Firewall
reviews are conducted onsite, and provide both external
and internal review of the firewall, including system
OS configuration, firewall software configuration,
and authentication and access control policies.
-
Server and Host Review - offers
a detailed look at an organization's server environment
in order to analyze individual servers, and their
ability to enforce confidentiality, integrity, and
system availability, while protecting information
and assets. The Server and Host review addresses both
external and internal analysis, including overall
system architecture and configuration, policies, and
usage and management of the environment.
-
Web Server Review - offers analysis
of an organization's web servers to identify potential
risks and vulnerabilities that could lead to a compromise
of the web server's access controls, and the critical
information the server stores, transmits, and receives.
The Web Server review addresses both external and
internal analysis, and includes overall system configuration,
policies, and usage and management of the environment.
-
Business and Security Policy Development
- offers the analysis and development of corporate
policies, including Business Policy, Security Policy,
Information Security Policy, and End User Authentication
and Authorization Policies.
-
Secure Architecture Design - offers
assessment and comprehensive development of an organization's
overall information security system to address overall
security and assurance requirements, including system
availability, data integrity, access control configurations,
and audit requirements.
-
Secure Systems Integration - this
turn-key security process helps organizations design
and integrate new services, applications, components,
policies, and educational training programs throughout
a networking environment to create a truly secure
and trusted infrastructure.
Security Associates
Vulnerability Assessment Tool, the ECM, is the delivery
mechanism for the overall Information Security Assessment
Service. The ECM incorporates each of the customized
assessment components to provide a complete overview of
an organization's Information Security "readiness",
while providing the foundation for additional security
product and service solutions through Security Associates.
In addition to the Information Security Assessment service
components, ECM also supports additional services
offered by Security Associates, including network penetration
testing and forensics analysis, disaster recovery review
and planning, and business contingency planning. By providing
the comprehensive, in-depth assessment of an organization's
Information Security environment, Security Associates
is able to offer proprietary, customized solutions to
assist in the analysis and development of an organization's
trusted infrastructure.
|
