Audits & Assessments


Creating an effective security posture means understanding how effective your security controls are. What are the threats and risks pertaining to your organization? Are there vulnerabilities within the perimeter, internally, or on mission-critical assets?

Cygnos I.T. Security has developed a suite of security audit and assessment services to help organizations reach the level of security necessary to adequately protect information and systems.

Here's how Cygnos I.T. Security can help your organization:


Security Baseline/Review | Security Audit | Threat/Risk Assessment | Vulnerability Assessment | Desktop/Network Operating System Audit | Perimeter Scan | Application Audit | Topology/Infrastructure Review | Web Server Audit | Firewall Audit | Product Analysis/Evaluation | E-Business Security Audit | Cygnos' 3-Day Audit and Assessment


Security Baseline/Review

A Security Baseline Review is primarily appropriate for organizations that do not currently have a security policy in place. If this applies to you, it would be beneficial for you to find out about the state of your current security processes, including determining your vulnerabilities and risks. As part of a Security Baseline/Review, you will receive a written report identifying:

  • The strengths of your current environment;
  • Vulnerabilities and associated risks;
  • Recommended countermeasures;
  • Identified areas that require immediate attention; and
  • Your Security Plan, which outlines other recommended strategic activities, including Threat and Risk Assessment and the establishment of a solid Security Policy.



Security Audit

The Security Audit is a routine service, conducted for the purpose of verifying your compliance with prevailing security standards. During the audit, Cygnos consultants will evaluate and report on your infrastructure (based on their understanding of your business and security goals) against the current accepted standards and will produce a written report that:

  • Highlights your level of compliance;
  • Highlights areas of non-compliance and the degree of variance from standards;
  • Lists your vulnerabilities and associated risks;
  • Identifies areas requiring immediate attention;
  • Recommends remedial countermeasures and improvements where warranted, including security practices and infrastructure;
  • Identifies requirements for improving your security policies; and
  • Includes performance of additional Threat and Risk Assessments where applicable.



Threat/Risk Assessment

A TRA identifies your organization's information assets and risks that threaten those assets. The TRA forms the foundation for policymakers to draw on, in order to make educated decisions on safeguards and measures to be taken. A TRA is typically executed and reported in phases, as follows:

Phase 1 - Assets Identification:

  • Organizational information assets are identified and inventoried. Data and system ownership is also clearly identified.

Phase 2 - Development of List of Threats:

Mainly concerned with identifying and documenting threats that may result in breaches of security associated with information, including:

  • Identification of assets deemed worth protecting;
  • Sensitivity, risk and likelihood of threats;
  • Cost/impact of compromises;
  • Comparative assessment of the cost of prevention versus the cost of recovery from attack.

Phase 3 - Recommendations

  • Prevention, detection and correction measures are stated, as they relate to each asset to be protected.



Vulnerability Assessment

This service identifies (in a written report) security strengths and weaknesses in your current systems and networks, as they appear to outsiders intent on attacking, and to internal users operating within your perimeter. The goal of the assessment is to verify the existence (or non-existence) of weaknesses that make you vulnerable to attack from outside or inside.



Desktop/Network Operating System Audit

There may be desktops within your infrastructure that are potential points of entry and attack. In a secure environment, every desktop and operating system is a known entity. The Desktop/NOS Audit will:

  • Review and understand the business purpose of your systems;
  • Determine what applications and data they host;
  • Assess the validity of configuration and control measures currently in place;
  • Assess the system's exposure to known vulnerabilities;
  • Perform a Security Gap Analysis; and
  • Provide a report that includes recommended improvements to better secure your environment.



Perimeter Scan

The Perimeter Scan service involves performing an intrusion and test analysis, to determine what areas are potential entry points - as they appear to external attackers - entering via the Internet for example. Gaps are pinpointed and remedial recommendations are made in the Perimeter Scan Report.



Application Audit

The Application audit service looks at every business application deployed on your system, and includes an extensive examination of binary and source code that could lead to security holes - flaws that hackers could exploit to gain control of an application, its data, or of the system on which it's deployed. The written report includes a complete list of recommended countermeasures to secure your applications.



Topology/Infrastructure Review

It isn't uncommon to find the security of your network topology and infrastructure wanting - even among the most security-conscious organizations. This is primarily caused by the media's focus on vulnerabilities and threats that affect data hosting systems such as file, database and application servers. The fact is, however, that securing your network infrastructure is a significant part of securing all your information - proprietary or otherwise.

In the Topology and Infrastructure Review, Cygnos assesses the viability of your network infrastructure from the standpoint of security. Included in the assessment are all devices operating at layers 1-3 of the OSI model. What this means is that we look at hubs, switches and routers/gateways. The assessment report also includes a topology review, the current configuration of each device and recommendations for immediate remedial action and improvements - where warranted.



Web Server Audit

The purpose of a Web Server Audit is to ensure that unwanted intruders cannot enter your system through the Web. A Cygnos Web Server Audit will:

  • Review and clarify the business purpose of your web server, and the applications and data it hosts;
  • Assess the validity of the current web server configuration and any security control measures already in place;
  • Determine the extent of your system's exposure to vulnerabilities and threats;
  • Perform a Security Gap Analysis; and
  • Make recommendations in a written report for improvements to your web server, with the intent of making it more secure.



Firewall Audit

A Cygnos Firewall Audit will identify security concerns that are present within the firewall. We will suggest steps to correct any flaws, and will verify that your policies and your architecture coincide. A firewall audit should also be considered if there is a need to show due diligence on security-related issues. Please see the detailed description of our Firewall Audit in the Prevention and Detection section of the Services page.



Product Analysis/Evaluation

We all know that the security marketplace offers buyers a myriad of product choices - each addressing one or more aspects of IT security. Which products are right for your environment? This can be a real issue for many organizations - especially those who lack the expertise or the time to do the necessary research. Product research should include selection criteria such as:

  • Will it satisfy our security policy requirements?
  • Will it integrate with our existing security infrastructure?
  • Will its performance meet our expectations?

Cygnos has a deep understanding of the IT security marketplace. Thus, we have familiarity with a very wide range of security products, and keep up to date on new entries into the market. Our product knowledge, combined with our consulting experience, gives us the confidence and capability to do product analysis and evaluation on your behalf, ensuring that whatever is chosen does indeed meet your requirements.



E-Business Security Audit

The Internet is a public network. Anything connected to the Internet is also public. Any interaction you have with customers, employees, suppliers and other stakeholders is e-business - not just monetary transactions. In order to ensure that all traffic between your network and the Internet is secure, it's paramount that you stay vigilant. A comprehensive Cygnos e-business security assessment will identify all vulnerabilities and threats to your e-business activities and provide the information necessary to implement effective countermeasures.

Cygnos has developed a series of service offerings specifically designed to protect your e-business initiatives from attacks inside and outside your network, as follows:

  • Security Assessment;
  • Intrusion Detection;
  • Secure Remote Access;
  • Virtual Private Networking (VPN);
  • Security Policy Development;
  • Security Outsourcing (Firewall Management/Administration);
  • Scheduled Security Auditing & Assurance Testing;
  • Public Key Infrastructure (PKI) Implementations;
  • Training and Workshops; and
  • Technical Support.



Cygnos' 3-Day Security Assessment

Information systems are critical to business - they hold sensitive information, process important transactions, and are connected. Therein lies the problem. Many are not secure against intrusion. Cygnos has made it our business to thoroughly understand IT Security. To help organizations better determine an appropriate security posture, we've introduced a 3-day Security Assessment.

Your assessment starts with an on-site meeting to evaluate your environment. We'll talk to your network administrators and security specialists (if you have them), then walk through your business applications and computing environment. Once we've qualified your infrastructure and identified key problem areas, here's what we do next:

  • A high-level perimeter check on routers, firewalls, web servers and other Internet-accessible devices;
  • An analysis of mission-critical servers and resources on the inside of your network; and
  • A thorough review of any existing security policies and applicable standards.

The deliverable? We'll tell you where you are now and will provide you with a written report detailing high-vulnerability areas, recommended corrective measures and any logged anomalies. We'll also provide an estimate for the next steps in the process.

Contact sales@cygnos.com if you are interested in a 3-day assessment or if you would like additional information on this subject.
