Minimize Risk with Objective FFIEC / GLBA-Centric Security Assessments by Security Experts
Redspin Security Audits and Assessments utilize a risk-based approach to isolate key areas of risk and provide detailed recommendations that define cost-effective mitigation and remedy solutions. As an objective provider (we do not sell hardware or software to fix the issues we find) we provide detailed and actionable recommendations - often minor configuration changes that fix a problem or architectural changes that eliminate entire classes of risk without the acquisition of additional layers of technology, which can overload your over-taxed IT staff.
What services does Redspin offer?
- Internal IT security assessments
- Penetration Testing
- Web Application Security Assessments
- Wireless deployment analysis (usually bundled with an Internal IT security assessment)
- Social Engineering
Whether you need to satisfy just the technical vulnerability assessment piece or need a single vendor to handle technical vulnerability testing and audit your general controls, Redspin can help.
Internal IT Security Assessments
What is an Internal IT security assessment?
Our team travels to your location to do an on-site evaluation of your IT environment.
What Questions Does an Internal IT Security Assessment Answer?
- How are we doing?
- Is my information secure?
- We have many issues, what do we fix first?
- Can I get a second set of eyes on my systems?
- We know we have many security controls in existence – are they also working effectively?
- How are we doing compared to similar institutions and to best practices?
- Can I get a baseline security assessment to prioritize our risk and give recommendations for risk mitigation?
What is the scope of an Internal Network Security Assessment?
While each project is custom-scoped depending on your needs, a typical scope includes:
- Network architecture and segmentation
- Authentication and access control
- Firewall and router configuration
- Patch management & software vulnerabilities
- System configuration settings and hardening
- Confidential data handling
- Physical security
- Spyware, malware, anti-virus
- Wireless deployment analysis
- High availability and single point of failure analysis
Penetration Testing
What is a Penetration Test?
In a Penetration Test, the Redspin security engineers put their hacker hats on, work remotely from our offices and attempt to breach your network security via the Internet.
What Questions Does a Penetration Test Answer?
- Can a hacker get to our internal systems and data from the Internet?
- Can you simulate real-world tactics and identify what an automatic vulnerability scan misses?
- Are my web-host and other service providers as secure as they say they are?
Web Application Penetration Test
What is a web application penetration test?
For web application penetration testing the Redspin security engineers put their hacker hats on and attempt to breach the security and identify risk on your web site via the Internet. This is similar to a penetration test, but is entirely focused on your web application.
What Questions Does Web Application Testing Answer?
- Can a hacker access my internal systems and data from the Internet, via my web application?
Social Engineering
What is a Social Engineering Assessment?
We physically engage, call, and/or email your employees and attempt to access sensitive information or secure locations.
What Questions Does Social Engineering Answer?
- Can someone call or email from the Internet and entice our staff to disclose sensitive customer information or users' passwords?
- Are employees consistently following policies and procedures?