Security Vulnerability Assessment
Ensure regulatory compliance and minimize
exposure to cyber security risks. With proven best practices and an advanced
knowledge of IT security, our cyber security experts help reduce risk and
mitigate threats to your IT infrastructure through audits, penetration testing,
consulting, and digital forensic analysis.
Our security consulting team maintains
certifications across leading security disciplines and technologies and has
extensive knowledge of current security standards, best practices, and
government regulations including ISO-17799, HIPAA, Sarbanes-Oxley (SOX), and the
Gramm-Leach-Bliley Act (GLBA). Our risk-based assessment approach will help you
minimize the risk of a compromise of Electronic Protected Health Information (EPHI)
triggering breach notification requirements.
Our comprehensive line of consulting
services provides organizations with the tools they need to achieve their
optimal security posture. Follow the links below to learn more.
Superior Solutions, Inc. can provide organizations with either
a quantitative or qualitative based risk assessment.
Quantitative Risk Assessment
Quantitative risk assessment makes use of a single figure that
is called “Annual Loss Expectancy (ALE).” This value is calculated for an event
by simply multiplying the potential loss by the probability. These values are
then used to rank events in order of risk. The results of ALE calculations must
be carefully analyzed to properly interpret the data. Once reviewed, the proper
administrative, technical, and physical controls and countermeasures can be
implemented to tackle the high-risk, high-probability events. Notwithstanding
the drawbacks, some organizations prefer quantitative risk analysis.
Availability
Our security consultants and trainers are available internationally for short- or
long-term projects. For more information, please contact us at Superior
Solutions, Inc. One of our representatives will respond to your inquiry
immediately.
IT Security Audit and Assessment Service
There are a number of ways to perform security audits, penetration tests, and assessments.
Regardless of the methodology, our goal is to measure an organization's risk and find better ways to protect its critical assets.
Our IT security solutions can provide organizations with
assessments that follow the National Security Agency (NSA) Information Assurance Methodology
(IAM). Our security engineers are certified in this risk assessment methodology.
Information Assurance Methodology
The IAM is a non-intrusive qualitative method used to quantify, qualify, and improve an organization's security posture. It was originally created by Presidential Defense Directive-63 for vulnerability assessments of U.S. government infrastructures, but is now considered the de facto standard of assessment for private industry. Our engineers use the IAM when assessing security priorities with the goal of improving the confidentiality, integrity, and availability of an organization's mission-critical information systems.
How Are IAM Assessments Performed?
The IAM assessment consists of three phases:
1. Pre-assessment phase
2. On-site visit
3. Post-assessment phase
During the IAM assessment, we will analyze 18 core subjects that will allow us to identify potential vulnerabilities and recommend steps for eliminating or mitigating those risks. At the conclusion of the process, a final report will be prepared and presented to the customer. This is a form of qualitative risk assessment.
Qualitative Risk Analysis makes use of non-monetary values when calculating risk. It is by far the most widely used approach to risk analysis. Probability data is not required and only estimated potential loss is used. Most qualitative risk analysis methodologies make use of a number of interrelated elements including the following:
Threats - Computer security threats can come externally (e.g., from a
malicious hacker) or internally (e.g., from a disgruntled employee). They pose
the potential to "attack" a computer system. In addition to viruses, spyware,
spam, and phishing scams, examples of network security threats might include
natural disasters or man-made events. Threats are ever present for every
computer network system.
Vulnerabilities - These are weaknesses that make a computer system more
prone to attack by a threat or make an attack more likely to have some success
or impact.
Controls - Security controls are the countermeasures to avoid and
minimize vulnerabilities.
There are four types of security controls that can be used to decrease risk:
1. Deterrent controls, which reduce the likelihood of a deliberate attack.
2. Preventative controls, which protect vulnerabilities and make an attack unsuccessful or reduce its impact.
3. Corrective controls, which reduce the effect of an attack.
4. Detective controls, which reveal attacks and trigger preventative or corrective controls.
Get a Free Network Consultation
Our representatives are standing by to offer a complimentary consultation.
Please contact us at
TheSolutionFirm
to learn more about our IT security audit and network vulnerability
assessment services.