3
The scope of Audit and Assessment Services include: NETWORK PENETRATION TESTING AND ASSESSMENT WEB APPLICATION PENETRATION TESTING AND ASSESSMENT WIRELESS NETWORK PENETRATION TESTING AND ASSESSMENT VOIP INFRASTRUCTURE PENETRATION TESTING AND ASSESSMENT NETWORK CONFIGURATION SECURITY AUDIT AND REVIEW SECURITY CONTROL AND FRAMEWORK AUDIT AND REVIEW REGULATORY COMPLIANCE AND STANDARD AUDIT At the compleon of every Pentest, Audit, or Assessment, a detailed report provides customers with an overview of exisng Security Controls and Framework for the scoped environment. The report lists vulnerabilies and missing controls and provides recommendaons to remediate security issues, migate vulnerabilies, and pass industry or regulatory security compliance requirements. Network Edge Security Audit and Assessment Services enables businesses to validate and enhance the security posture of their overall ICT environment by migang risks associated with protecng crical data from possible threat or aack vectors, both externally and internal to the organisaon. Security Audit and Assessment Services focus on the discovery and idenficaon of weaknesses and vulnerabilies, but do not extend to aempts at exploing and tesng any weaknesses or vulnerabilies that are discovered. OVERVIEW Network Edge Security Audit and Assessment Services provides customers with a High-Level overview of their overall ICT Informaon Security Framework. The output of the Audit and Assessment process is a report that provides detailed visibility into the security state of scoped ICT infrastructure and a detailed benchmark assessment of Confidenality, Integrity and Availability (also known as the CIA triad). SECURITY AUDIT AND ASSESSMENT SERVICES 0800 11 88 00 | [email protected] | www.networkedge.co.nz

SECURITY AUDIT AND ASSESSMENT SERVICES

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: SECURITY AUDIT AND ASSESSMENT SERVICES

The scope of Audit and Assessment Services include:

• NETWORK PENETRATION TESTING AND ASSESSMENT

• WEB APPLICATION PENETRATION TESTING AND ASSESSMENT

• WIRELESS NETWORK PENETRATION TESTING AND ASSESSMENT

• VOIP INFRASTRUCTURE PENETRATION TESTING AND ASSESSMENT

• NETWORK CONFIGURATION SECURITY AUDIT AND REVIEW

• SECURITY CONTROL AND FRAMEWORK AUDIT AND REVIEW

• REGULATORY COMPLIANCE AND STANDARD AUDIT

At the completion of every Pentest, Audit, or Assessment, a detailed report provides customers with an overview of existing Security Controls and Framework for the scoped environment. The report lists vulnerabilities and missing controls and provides recommendations to remediate security issues, mitigate vulnerabilities, and pass industry or regulatory security compliance requirements.

Network Edge Security Audit and Assessment Services enables businesses to validate and enhance the security posture of their overall ICT environment by mitigating risks associated with protecting critical data from possible threat or attack vectors, both externally and internal to the organisation.

Security Audit and Assessment Services focus on the discovery and identification of weaknesses and vulnerabilities, but do not extend to attempts at exploiting and testing any weaknesses or vulnerabilities that are discovered.

OVERVIEWNetwork Edge Security Audit and Assessment Services provides customers with a High-Level overview of their overall ICT Information Security Framework. The output of the Audit and Assessment process is a report that provides detailed visibility into the security state of scoped ICT infrastructure and a detailed benchmark assessment of Confidentiality, Integrity and Availability (also known as the CIA triad).

SECURITY AUDIT AND ASSESSMENT SERVICES

0800 11 88 00 | [email protected] | www.networkedge.co.nz

Page 2: SECURITY AUDIT AND ASSESSMENT SERVICES

SERVICES DESCRIPTION

Network Penetration Testing and AssessmentNetwork Edge use Centre for Internet Security (CIS) and National Institute of Standards and Technology (NIST) controls as the base security framework to assess the output from network scans. The assessment determines the network security attacks that potentially could occur within the scanned network. Network Pentest is divided into two different assessment phases.

• EXTERNAL – Assesses the network from a hacker’s point of view to find out what exploits and vulnerabilities are accessible to the outside world

• INTERNAL – Scans the internal network infrastructure to discover exploits and vulnerabilities

Web Application Penetration Testing and Assessment

Network Edge leverages the Open Web Application Security Project (OWASP) security framework as a basis to assess web infrastructure for any misconfiguration and known vulnerabilities. An external scan is performed on customer provided and confirmed public IP addresses that host external facing services.

Wireless Network Penetration Testing and AssessmentNetwork Edge leverages current 802.x standards and Penetration Testing Execution Standard (PTES) as the foundation for our wireless assessment methodology. This simulates ‘real world attacks’ to determine the vulnerabilities within an organisation’s wireless infrastructure.

VoIP Infrastructure Penetration Testing and AssessmentNENZ leverages the CIS and NIST industrial VoIP standard as the foundation for assessment of IP telephony infrastructure. This simulates real world attacks to determine the vulnerabilities within an organisations VOIP Security design and associated network.

0800 11 88 00 | [email protected] | www.networkedge.co.nz

We’ll work with you to provide the best solution for your business”

Page 3: SECURITY AUDIT AND ASSESSMENT SERVICES

Network Configuration Security Audit and ReviewNetwork Edge uses NIST and CIS standards as a base to perform a configuration and access control audit on all customer workstations, servers, and network devices (routers, firewalls, switches, voice). Actions available as a result of the audit will strengthen an organisation against the possibility of an external exploit.

Security Control and Framework Audit and ReviewNetwork Edge uses the CIS AAA Standard and NIS best practise to perform an audit of access management, authorisation processes, and accounting standards (AAA) for security compliance and password hardening. Actions available as a result of the audit are targeted at preventing dictionary or brute force attacks due to the use of weak passwords and non-secured controls.

Regulatory Compliance and Standards AuditThe Network Edge Security Audit and Assessment Service also includes industrial security compliance audits such as: PCI Compliance, HIPAA Compliance, ISO Compliance, NIST and CIS compliance, so that customers can meet their regulatory compliance requirements.

REPORTING The output from all Network Edge Security Audit and Assessment Services is generation of a comprehensive report that describes all of the discovered Security Vulnerabilities with recommendations to remediate risks, enhance infrastructure security, meet Security Framework standards, and/or meet Industrial Regulatory Compliance requirements.

ESTIMATE OF EFFORT

The following table indicates how Network Edge determines if a Security Audit and Assessment customer is a Small Business, Medium Business, or Large Business.

The following table indicates the typical effort involved in completing the Security Audit and Assessment Services based on customer type.

0800 11 88 00 | [email protected] | www.networkedge.co.nz

SECURITY AUDIT AND ASSESSMENT SERVICES

Number of Users

Number of Devices

Number Servers

Small Business

1 - 10

1 - 50

1- 5

Medium Business

11 to 200

51 to 300

6 to 20

Large Business

201 and more

301 and more

21 and more

Security Service

Network Penetration Testing

Web Application Penetration Testing

Wireless Network Penetration Testing

VoIP Infrastructure Penetration Testing

Network configuration Security Audit and Review

Security Control and Framework Audit and Review

Regulatory Compliance and Standard Audit

Small Business

Security Reporting

Hours

2

2

2

2

2

2

3

Security Reporting

Hours

4

4

4

4

5

4

6

Security Reporting

Hours

10

6

6

7

10

7

12

Pentest Assess

Hours

8

4

4

4

10

4

6

Pentest Assess

Hours

30

20

30

40

50

30

20

Pentest Assess

Hours

100+

40

60

100+

120+

60

35

Medium Business Large Business


Development Department Kowloon, Hong Kong · 2017-09-26 · SECURITY RISK ASSESSMENT & AUDITING ... Security Risk Assessment & Audit Guidelines, OGCIO(G51) g) Information Security

Development Department Kowloon, Hong Kong · 2017-09-26 · SECURITY RISK ASSESSMENT & AUDITING ... Security Risk Assessment & Audit Guidelines, OGCIO(G51) g) Information Security

Documents
Capabilities Overview - Cyber Security · compliance and audit evaluation, continuous monitoring, IT security event management, and security assessment support for new and existing

Capabilities Overview - Cyber Security · compliance and audit evaluation, continuous monitoring, IT security event management, and security assessment support for new and existing

Documents
Security Audit Ppt

Security Audit Ppt

Documents
Industry Best Practices for Securing Critical Infrastructure · Cyber Security and Critical Infrastructure ... audit, which can change ... Cyber Security Assessment Report Policy

Industry Best Practices for Securing Critical Infrastructure · Cyber Security and Critical Infrastructure ... audit, which can change ... Cyber Security Assessment Report Policy

Documents
REQUEST FOR PROPOSAL Multi-State Lottery Association ... Operational Security... · REQUEST FOR PROPOSAL . Multi-State Lottery Association . Operational Security Assessment and Audit

REQUEST FOR PROPOSAL Multi-State Lottery Association ... Operational Security... · REQUEST FOR PROPOSAL . Multi-State Lottery Association . Operational Security Assessment and Audit

Documents
Security Risk Assessment & Audit Report of Security Risk

Security Risk Assessment & Audit Report of Security Risk

Documents
Security Audit Guide

Security Audit Guide

Documents
Systems Security & Audit Operating Systems security

Systems Security & Audit Operating Systems security

Documents
Security Audit Log

Security Audit Log

Documents
Ogcio Security Risk Assessment & Audit

Ogcio Security Risk Assessment & Audit

Documents
SC Content & Audit Management System Security …...Page 1 of 15 Quick Reference Guide Security Self-Assessment Audit This document contains the information for Cisco Partners to use

SC Content & Audit Management System Security …...Page 1 of 15 Quick Reference Guide Security Self-Assessment Audit This document contains the information for Cisco Partners to use

Documents
cloud security audit

cloud security audit

Documents
Cyber Security Risks and Mitigation for SME · 2017-10-24 · IT Security Assessment . References •IT Security Policy and Guidelines - OGCIO ... •Security Risk Assessment & Audit

Cyber Security Risks and Mitigation for SME · 2017-10-24 · IT Security Assessment . References •IT Security Policy and Guidelines - OGCIO ... •Security Risk Assessment & Audit

Documents
Security Audit and Security Tools

Security Audit and Security Tools

Technology
Security Audit Prabhaker Mateti. What is a security audit? Policy based Assessment of risk Examines site methodologies and practices Dynamic Communication

Security Audit Prabhaker Mateti. What is a security audit? Policy based Assessment of risk Examines site methodologies and practices Dynamic Communication

Documents
Food Security Needs Assessment - Merri Health€¦ · As with the 2009 report ^Food Security in Moreland: A Needs Assessment the 2014 food retail audit showed an over representation

Food Security Needs Assessment - Merri Health€¦ · As with the 2009 report ^Food Security in Moreland: A Needs Assessment the 2014 food retail audit showed an over representation

Documents
ICAO Universal Security Audit Programme ICAO Regional Aviation Security Audit Seminar Security... · 2015-01-15 · ICAO Universal Security Audit Programme (USAP) USAP Continuous

ICAO Universal Security Audit Programme ICAO Regional Aviation Security Audit Seminar Security... · 2015-01-15 · ICAO Universal Security Audit Programme (USAP) USAP Continuous

Documents
Security Audit

Security Audit

Documents
Security Audit Certificate - eWON · Audit process: OSSTMM & OWASP ... communication channel Test type: Double gray box Security Audit Certificate Audit modules: ... (Security Test

Security Audit Certificate - eWON · Audit process: OSSTMM & OWASP ... communication channel Test type: Double gray box Security Audit Certificate Audit modules: ... (Security Test

Documents
AUDIT SECURITY

AUDIT SECURITY

Documents
GDSN Security Audit Requirements - GS1 Security Audit... · 2015-09-08 · This security audit requirements document is intended to examine the breadth and depth of a security audit,

GDSN Security Audit Requirements - GS1 Security Audit... · 2015-09-08 · This security audit requirements document is intended to examine the breadth and depth of a security audit,

Documents
Privacy Impact Assessment - Inpatient treatment for drug ... · DCC Audit Services - will be required to undertake an Information Security Audit and ISO27001:2013 audit of the 3 –

Privacy Impact Assessment - Inpatient treatment for drug ... · DCC Audit Services - will be required to undertake an Information Security Audit and ISO27001:2013 audit of the 3 –

Documents
Open Crypto Audit Project TrueCryptopencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit...Open Crypto Audit Project TrueCrypt Security Assessment Prepared for: Prepared by: Andreas

Open Crypto Audit Project TrueCryptopencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit...Open Crypto Audit Project TrueCrypt Security Assessment Prepared for: Prepared by: Andreas

Documents
The Future of Security · Securosis, L.L.C. ‣ Audit/assessment and penetration testing are essential to understand the highly variable security of providers, and to assure security

The Future of Security · Securosis, L.L.C. ‣ Audit/assessment and penetration testing are essential to understand the highly variable security of providers, and to assure security

Documents
Audit, Compliance & Security

Audit, Compliance & Security

Documents
1 Computer Security Principles and Practices Security Audit IT Security Management & Risk Assessment IT Security Controls, Plans & Procedures Gregory (Greg)

1 Computer Security Principles and Practices Security Audit IT Security Management & Risk Assessment IT Security Controls, Plans & Procedures Gregory (Greg)

Documents
Physical Security Assessment also called: PHYSICAL SECURITY SURVEY AND ASSESSMENT Security Survey Risk Analysis Security inspection Security Audit Threat

Physical Security Assessment also called: PHYSICAL SECURITY SURVEY AND ASSESSMENT Security Survey Risk Analysis Security inspection Security Audit Threat

Documents
A. Finance Commission14. Discussion of and Consultation on Security Audit, ossible P Issue Related to Confidential or Sensitive Information, Security Breach Audit and Assessment, or

A. Finance Commission14. Discussion of and Consultation on Security Audit, ossible P Issue Related to Confidential or Sensitive Information, Security Breach Audit and Assessment, or

Documents
Tips for Passing an Audit or Assessment - Structured...Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor. Senior Security Engineer

Tips for Passing an Audit or Assessment - Structured...Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor. Senior Security Engineer

Documents
Security Audit Pm

Security Audit Pm

Documents