Penetration and
Vulnerability Assessment
Who Needs
Penetration Assessments
Altius IT's penetration assessments evaluate the
security of a computer system or network by
simulating
an attack from a malicious user
(hacker). Penetration assessments
are ideal for:
- Ensuring compliance (PCI,
HIPAA, Sarbanes
Oxley, etc.)
- Emerging and fast growing firms
- IPO ready organizations
- Organizations concerned about security
- Businesses with geographically
distributed offices
- Organizations in the financial and
health care industries
- Firms working with the government or
large institutions
- Organizations that share and collect
personal and/or proprietary data
Assessment Work Plan
Our services include an active
analysis of your system for any potential
vulnerabilities that result from poor or
improper system configuration, known and/or
unknown hardware or software flaws, or
operational weaknesses.
In an attempt to breach security, Altius IT’s
services simulate various types of attacks on
your organization’s network and employees. Our
analysis is carried out from the position of a
potential attacker but does not involve active
exploitation of security vulnerabilities.
Our services include a combination of automated
and manual methods to determine and exploit
vulnerabilities:
- Penetration testing – ethical hacking
- Physical security
- Social engineering
Penetration Testing (Ethical Hacking)
Our ethical hacking penetration testing
service helps evaluate intruder threats. We
neither damage your systems nor steal
information. Instead, we evaluate the target
systems' security and report back to you any
vulnerabilities and instructions on how to close
the holes.
Ethical hacking demands a lot of time and
persistence, sometimes monitoring systems for
days or weeks waiting for an opportunity.
A typical evaluation requires several days of
tedious work that is difficult to automate. In
many instances, portions of the evaluations are
done outside of normal working hours to avoid
interfering with production and simulating the
timing of a real attack.
We spend the time to learn about your systems
and try to find its weaknesses. This also
requires continuous education and review in this
ever changing world of computer and network
security.
Physical security
We review and analyze physical access to
systems, un-shredded documents, and can use
digital dumpster
diving and other techniques to gain access to
confidential information.
Social Engineering
Our experts test your staff and their
security related education. We check for human
error that can lead to disclosure of proprietary
information through personal e-mails, losing or
forgetting passwords, and vulnerability to
con-artists and “social engineering” techniques.
Deliverables
Our deliverables include a report of our
findings as well as recommendations, and
a prioritized Action Plan. The entire Work Plan
takes from one week to as long as three months,
depending upon the scope. Please see the
Altius IT Roadmap
(AIR) for more information.
Certification
Upon completion of our services, Altius IT
provides a certification letter for distribution to
your customers, clients, and prospects. We
also provide you with the
Altius IT Secure Seal that can be prominently
placed on your web site. This provides peace of mind that sensitive information remains secure.
Why Altius IT
We are certified by the Information Systems
Audit and Control Association as Certified
Information Systems Auditors (CISA). Altius IT's experts provide outside,
independent assessments that
help organizations:
- Achieve compliance with industry
standards
- Develop strong relationships with your
customers
- Minimize business and IT related risks
- Reduce costs while ensuring information
protection
|
