Security Assessments

Get a fresh perspective on your security profile

Security assessments take the mystery out of understanding your current state of security and what to do next to improve the roles, processes and technology that keep you safe. Assessments establish a baseline for existing controls and provide a strategic, risk-based roadmap for moving forward.

Independent testing of your organization’s network security posture improves the real-world level of security and measures compliance with regulatory requirements.

Whether remotely attacking your Internet-connected firewalls and web servers or conducting on-site attacks against the inside of your network, Cerium security consultants function as ethical hackers utilizing the same tools and methods that the bad guys use. The difference is that our testing is completed from an auditor’s perspective in order to comprehensively identify all existing vulnerabilities, so that you can mitigate them.

The deliverables for an assessment project include an executive summary, a risk matrix of the vulnerabilities identified, and complete recommendations on mitigation.

HIPAA Assessments

Cerium security consultants measure your healthcare organization’s current state of security against the HIPAA standard as defined by the National Institute of Standards and Technology. A gap analysis clearly identifies areas of strength and weakness. Detailed recommendations enable you to take proactive steps to achieve full compliance.

External Vulnerability Analysis (Pen testing)

An external vulnerability analysis is a controlled attempt to test a computer system or network from the “outside” in order to detect vulnerabilities. It employs techniques that are the same as or similar to those used in a genuine attack. Appropriate measures can then be taken to eliminate the vulnerabilities before they can be exploited by unauthorized third parties.

Process

  • Discovery: enumeration, fingerprinting and banner grabbing
  • Scanning: port scans and resource identification using a variety of open source, customized and commercial tools
  • Vulnerability tracking: identifying vulnerabilities in scanned systems and resources
  • Manual analysis: to reduce false positives and ensure results match your environment, a security consultant will review and analyze all findings
  • Documentation and presentation of results