IT Infrastructure Security Assessment

With the expansion of electronic communication, the security of information systems is becoming a vital part of business processes in organizations. Secure implementation and maintenance of the IT infrastructure are particularly important: as information systems grow more complex and diverse, security weaknesses become more likely and harder to detect. The security of the entire IT infrastructure depends on its weakest link. A single security weakness (e.g., a default administrative password) can adversely affect many of the security measures in place.

Vulnerability Scanning

This assessment gives you basic information about the exposure of your IT infrastructure to malicious code and to the most common threats, which result from known vulnerabilities or misconfigurations and can be exploited even by inexperienced attackers. The assessment is carried out with automated tools, which use various techniques and specially crafted requests to systematically verify the accessibility of services and the presence of known vulnerabilities. Such assessments are most commonly carried out by organizations that are required to regularly check the state of their information security for compliance purposes.

External Security Assessment (penetration testing)

This assessment is intended to identify potential security threats to the IT infrastructure that originate from the publicly accessible network. During the assessment, the same methods and tools are used as in actual online attacks. The target systems are typically web servers and web-based business applications, mail servers and other supporting services, the security systems in place (firewalls, IPS, etc.), and other publicly accessible services of the organization.

Internal Security Assessment

The purpose is to identify possible security threats and vulnerabilities of the IT infrastructure arising from deliberate or accidental harmful activities of employees or from an attack originating from the internal network. It includes a review of the information system security design, accessibility testing and a review of the hardware and software security settings, a VoIP/IP telephony assessment, a wireless network and mobile device security review, a review of the security policy and procedures for system maintenance, and a security assessment of key business applications.