Enterprise Security Assessment
Vigilant brings a fresh perspective to Enterprise Security Assessments. We understand that Information Security and IT Risk must contribute efficiently to an organization’s bottom line, which is why our ESA takes a unique approach to security assessments, combining financial, technical and procedural analysis in order to derive the highest value for our clients.

Vigilant’s Enterprise Security Assessment Goals:
- Financial - Assess the operational effectiveness and financial cost of the client’s Enterprise Security Architecture (ESA) to determine target areas for cost savings, or alternatively, where additional investment may be needed.
- Technical - Conduct an inventory of the existing ESA products and services, and provide recommended changes to improve effectiveness, eliminate unnecessary redundancy, and achieve greater productivity from IT Risk and Information Security human resources.
- Procedural - Review the client’s security policy and incident response plans to verify that the security controls implemented provide an adequate level of coverage for IT Risk, Compliance and Incident Response.

Vigilant’s ESA focuses on the security controls implemented for your internal, trusted networks. Each assessment is custom designed around the client’s existing security and network infrastructure, but typically includes analysis of the following:
- Perimeter Security Devices: firewalls, routers, switches, intrusion detection, proxy servers
- Network Access: Network configuration / separation
- Operational Servers: host intrusion prevention, file / configuration management, Windows, Linux, UNIX server configurations
- Applications & Databases: RDB audit logs, application logs
- User Activity: Network configuration, User authentication, Remote access, e-mail

ESA Service Summary:
- Interview client personnel to gain a thorough understanding of the configured environment and policies.
- Financial Review - Evaluate existing information security budget and projected multi-year expenditures by product and service category. Determine target areas for consolidation and cost savings.
- Technical Review - Review network maps and logical topology diagrams. Inventory all implemented security products / services across the enterprise to determine both areas for potential consolidation and gaps in coverage.
- Procedural / Policy Review - Review security policies, standards and controls, and conduct gap analysis between stated policy and implemented design.
- Deliver final report of ESA findings, including results of Financial, Technical and Procedural analysis, along with recommendations for enhancement of the existing architecture.