Comprehensive Security Assessment

Comprehensive Security Assessment is a holistic review of the relevant functions/departments within an Organization to evaluate the design and operating effectiveness of its cyber security and business continuity controls. The assessment covers the process, technology and people aspects of the control framework. It provides an independent view on the adequacy of the functioning of the 1st line, 2nd line & 3rd line of defense within an Organization.

The coverage of a Comprehensive Security Assessment depends on the business and organization structure of the customer. The scope is customized for each customer to ensure that all relevant functions and risk areas are covered within the assessment.

Following is a sample high-level coverage of the Comprehensive Assessment across functions/departments within an Organization.

Information Technology
  • Assessment of the network architecture, topology, network communication with third parties and regulators
  • Assessment of remote connectivity including VPN access
  • External vulnerability assessment and penetration testing
  • Internal vulnerability assessment and penetration testing
  • Secure configuration review of firewalls, routers, switches, operating systems and databases being used within the Organization
  • Application & infrastructure review and assessment of multiple customer financial, internal financial & internal non-financial applications
  • Assessment of other business-specific technology used within the Organization. For example, in the banking sector the scope includes assessment of ATM operations, including field-based assessment of branch and off-site ATMs
Cyber Security
  • Information Security Governance assessment (including both documentation and implementation review of strategy, policies, procedures, standards & guidelines)
  • Assessment of Security Operation Centre (SOC) including review of coverage scope for SOC monitoring, adequacy of rules defined for monitoring, implementation review of the SIEM solution and review of policies, procedures and standards pertaining to the SOC operation
  • Assessment of Incident Management (IM) including review of policies, procedures and standards pertaining to the IM operation; determining the adequacy of incident detection controls by conducting mock incidents under controlled environment; evaluating the incident response under various scenarios; evaluating the maturity of the incident response team
  • Assessment of security appliances & solutions including DLP, WAF, Privileged Identity & Access Management, cryptography management and high-privileged user management
  • Advanced Persistent Threat (APT) resilience test to determine the adequacy of the APT solution
Internal Audit
  • Assessment of the coverage and adequacy of Information Security & Business Continuity domains by the Internal Audit Department
Business Continuity
  • Assessment of Business Continuity including review of strategy, policy, procedure & standards pertaining to Business Continuity Management; review of BCP & DR drill results; review of adequacy of the Business Continuity committee & required management support
  • Assessment of the Data Centre and Disaster Recovery Sites
Physical Security
  • Evaluation of all physical security controls across the environment of the Organization
Compliance
  • Review of the process and monitoring adequacy of the Organization to comply with all local and global regulatory requirements
End Users
  • Random survey pertaining to Information Security
  • Social Engineering test to determine the IS awareness level among the employees

Our Methodology

The flow of our comprehensive assessment is as follows:

  • Detailed Understanding of the Organization
  • Finalizing the scope and control framework
  • Interviewing key stakeholders
  • Review of all Governance documents across departments
  • Review of Implementation and records of evidence
  • Technical Assessments (VAPT, Config Review, Application PT, APT etc.)
  • Analysis & Reporting
  • Management Presentation

Why Choose us?

  • Wide range of experience across sectors including BFSI, Manufacturing, Aviation, Healthcare, Information Technology, Logistics, Government, Retail, Telecom, Power, etc. This helps us to provide industry-specific risk coverage
  • Vast exposure in technical assessments across multiple types of global clients
  • We are already trusted by multiple regulators & large business houses for such comprehensive assessments
  • Highly trained and experienced consultants who provide a customized experience to each customer


You can get in touch with us at sales@secureyes.net to utilize our Cyber Security Advisory & Consulting services for your organization today.