| |
| Businesses in the U.S. lost over $8 billion last year to computer crime, fraud, and destructive code according to a report published by Wired Magazine. What's worse is the FBI claims that nearly 75% of computer crime occurs from within an organization. As well, there is a growing number of mobile workers, e-commerce applications, and enterprise networks that can make organizations more vulnerable to serious threats to their external networks. |
| How can you protect your organization? Intuition, luck, and intelligence can improve matters, but still fall far short of perfection. Companies must equip their IT managers with comprehensive risk management tools. Security and infrastructure risk management use systematic methodologies, such as vulnerability detection, threat assessment, and network monitoring/testing, to enable you to identify every weak link. Security audits help organizations determine how to best implement risk management tools. |
| SecurNeT Audit Services |
| IrisLogic SecurNet Audit Services are an essential procedure for every organization in order to accurately collect conclusive information about the vulnerabilities of a network and provide effective solutions. However, before beginning a security audit, IT managers must first define the reasons for implementing risk management to help determine the objectives for the organization. The objectives should always keep in mind the basic tenet of risk management: create a positive impact on the bottom line.
|
| SecurNet Audits are performed on-site and consist of six essential phases: |
 |
External Security Assessment |
|
Network Analysis |
|
Host Analysis |
|
Threat Analysis |
|
Policy Analysis |
|
Audit Report & Recommendations |
|
| 1.External Security Assessment |
| Every network must be protected from external attacks. IrisLogic's first audit phase determines the viability of existing hardware in preventing attacks such as denial of service, IP spoofing, ping of death, routing redirection, and so on. State-of-the-art security tools and scripts are used in a concerted effort to attack existing network firewalls to discover every possible external security vulnerability. |
| 2. Network Analysis |
| Networks can be viewed as complex engines, but often a single point or area of failure is to blame for poor network performance. IrisLogic's comprehensive Network Analysis delves deeply into the customer's network topology to determine the quality and effectiveness of the current network technologies. Documentation provides a detailed analysis of existing network problems. |
| 3. Host Analysis |
| Critical servers or identified hosts on the network are inspected for possible security failures. In this phase, IrisLogic uses sophisticated host scanners to inspect the servers, determine what services the hosts are running, and identify levels of patch revisions, file permissions, password files, and so on. |
| 4. Threat Analysis |
| Threat analysis plays an important role in building an effective security policy. IrisLogic takes a holistic approach, using industry research, trends in criminal activity and regulatory measures, and changes in technology as our knowledge base. Armed with cutting-edge knowledge, we can accurately assess a customer's vulnerability to an outside attack. |
| 5. Policy Analysis |
| The next phase in building an effective security policy is to carefully analyze the existing corporate security policy. Employees are interviewed to determine policy awareness and adherence, while existing policy documents are reviewed for content. Through this process, implied, official, and unofficial risks are brought forward and reconciled with the Threat Analysis. The production of a new or revised security policy completes the phase. |
| Audit Report & Recommendations |
| When all the necessary data have been collected from the previous five phases, a report is provided to management, as well as an oral presentation to company personnel. The Audit Report details the issues involved with security architecture, network topology, risks, and policies. Finally, recommended solutions are outlined, which include a timeline and projected costs. |
| |
