Services

Our IT Security Consulting services are designed to assess a client’s IT security needs and provide solutions that align with their organizational goals, budget and existing infrastructure and processes.

IT Security Consulting services can address areas such as: two-factor authentication, patch management, password management, vulnerability scanning, internet filtering, mobile device management, key card entry, software management and many other areas.

Our IT General Control Reviews are designed to assess an organization’s policies, processes, procedures, structure, software and hardware in order to identify risk.

The IT General Control Review includes: interviews and shadowing of key staff, review of existing organizational documentation, technical review of existing organizational software and hardware.

Our Contract Review services ensure that your organization’s vendor contracts have the clauses in place to limit organizational risk.

This analysis will review contracts and identify issues with: Right to Audit, eDiscovery, data ownership, indemnity, arbitration, subcontracting, confidentiality and non-disclosure.

Our Policy and Procedure Drafting and Gap Analysis services ensure that your organization has clearly declared and documented its organizational goals and employee and contractor roles and responsibilities.

This analysis will review policy and procedures relating to: incident detection and response, incident investigation and forensics, mobile devices, device commissioning and decommissioning, data classification, vendor contracting, vulnerability identification and mitigation, help desk ticketing and patching.

During a Vulnerability Assessment we employ the best automated vulnerability scanners, proprietary tools and manual vulnerability and risk verification processes to comprehensively identify and document organizational risks.

Our multi-pass, manual verification approach ensures the accurate identification of vulnerabilities and the elimination of false positives.

During a Penetration Test we assess an organization’s ability to detect and respond to malicious activity in a timely and effective manner through a simulated attack on an organization’s digital assets.

Penetration tests can be conducted on an announced or unannounced basis and target internal networks, external networks or specific organizational assets such as mobile devices or laptops.

The Social Engineering Assessment reviews the susceptibility of organizational staff and contractors to phishing emails, malicious calls, spoofed SMS messages and in-person pre-texting attacks.

This assessment includes an examination of: domain name availability, email spoofing, staff willingness to provide sensitive information, help desk password reset procedures and malicious email quarantine.

The Wireless Security Assessment reviews the security of wireless networks and management solutions against vendor recommendations and industry best practices.

This assessment includes an examination of: wireless encryption protocols, wireless passwords, MAC and WPS, rogue access points and improper network segmentation.

The Internet Security Assessment reviews the security of an organizations internet facing hosts and services as well as public information stored and shared on social media sites against vendor recommendations and industry best practices.

This assessment includes an examination of: information leaked through social media and other public sources, system and service accessibility, use of access control lists, patching, configuration weaknesses, user enumeration, account controls, attack detection and response and unencrypted services.

The Windows and Active Directory Security Assessment reviews the security of local Windows systems, the Windows domain environment and Active Directory and Group Policy against vendor recommendations and industry best practices.

This assessment includes an examination of: system configuration, users and groups, permissions, weak passwords, shared passwords, patching, account and audit policies and domain trusts.

The UNIX/Linux Security Assessment reviews the diverse UNIX/Linux family of operating systems (BSD, Debian, HP-UX, IBM AIX, Mac OS, Red Hat, Sun Solaris, SUSE, etc) for best practices controls as outlined by vendors and industry best practices.

This assessment includes an examination of: system configuration, users and groups, file permissions, shell history, weak passwords, shared passwords, patching, trusts, account policies and services.

The Web Application Security Assessment reviews both internally developed web application and vendor application such as Sharepoint and Outlook Web App for the most common and critical vulnerabilities known today based on sources such as the Verizon Data Breach Investigation Report (VDBIR) and the OWASP Top 10.

This assessment includes an examination of web application: configurations, users and groups, permissions, access controls, password resets, password strength, injection vulnerabilities, account and session controls and user enumeration.

The Database Security Assessment reviews the controls surrounding Microsoft SQL, MySQL, DB2 and Oracle database instances against controls as outlined by vendors and industry best practices.

This assessment includes an examination of: database configuration, users and groups, passwords, permissions, auditing, field encryption and salting, linking and logging.

Assurance io’s expertise is not limited to the services listed here. We have broad legal, audit, security and IT expertise. If you desire a service or custom work plan that you don’t see listed here, feel free to contact us. We can construct a work plan to suit your needs or guide you to those that can!