IrisLogic SecurNet Audit Services are an essential procedure for every organization in order to accurately collect conclusive information about the vulnerabilities of a network and provide effective solutions. However, before beginning a security audit, IT managers must first define the reasons for implementing risk management to help determine the objectives for the organization. The objectives should always keep in mind the basic tenet of risk management: create a positive impact on the bottom line.
SecurNet Audits are performed on-site and consist of six essential phases:
- External Security AssessmentEvery network must be protected from external attacks. IrisLogic’s first audit phase determines the viability of existing hardware in preventing attacks such as denial of service, IP spoofing, ping of death, routing redirection, and so on. State-of-the-art security tools and scripts are used in a concerted effort to attack existing network firewalls to discover every possible external security vulnerability.
- Network AnalysisNetworks can be viewed as complex engines, but often a single point or area of failure is to blame for poor network performance. IrisLogic’s comprehensive Network Analysis delves deeply into the customer’s network topology to determine the quality and effectiveness of the current network technologies. Documentation provides a detailed analysis of existing network problems.
- Host AnalysisCritical servers or identified hosts on the network are inspected for possible security failures. In this phase, IrisLogic uses sophisticated host scanners to inspect the servers, determine what services the hosts are running, and identify levels of patch revisions, file permissions, password files, and so on.
- Threat AnalysisThreat analysis plays an important role in building an effective security policy. IrisLogic takes a holistic approach, using industry research, trends in criminal activity and regulatory measures, and changes in technology as our knowledge base. Armed with cutting-edge knowledge, we can accurately assess a customer’s vulnerability to an outside attack.
- Policy AnalysisThe next phase in building an effective security policy is to carefully analyze the existing corporate security policy. Employees are interviewed to determine policy awareness and adherence, while existing policy documents are reviewed for content. Through this process, implied, official, and unofficial risks are brought forward and reconciled with the Threat Analysis. The production of a new or revised security policy completes the phase.
- Audit Report & RecommendationsWhen all the necessary data have been collected from the previous five phases, a report is provided to management, as well as an oral presentation to company personnel. The Audit Report details the issues involved with security architecture, network topology, risks, and policies. Finally, recommended solutions are outlined, which include a timeline and projected costs.