PENETRATION TESTING


STIGroup provides a comprehensive Internet Penetration Test to secure your business against external threats to your Information Security. In addition to the technical testing typically conducted, STIGroup provides audit services to evaluate the design and configurations relevant to your perimeter infrastructure, providing you with a thorough review of your perimeter security posture. The service offering is customized from the following components list to achieve the goals of the engagement:

Services

1) Policy Gap Analysis                                   
    a) Review of applicable policies              

2) Target Infrastructure Design Analysis
    a) Management infrastructure
    b) Monitoring infrastructure
    c) General deployment guidelines
    d) IP communications strategy
    e) Intersection with external networks

3) Management Methodology Review
    a) Methods
    b) Access controls
    c) Authentication
    d) Encryption
    e) Audit controls

4) Monitoring Methodology Review
    a) Availability
    b) Integrity
    c) Inappropriate activity

5) Configuration Analysis
    a) Network Infrastructure 
    b) Servers 
    c) Applications

6) Scanning and Vulnerability Testing
    a) Port and Service Scanning
    b) Network-based Vulnerability Scanning
    c) Web Application Scanning

7) Penetration Testing
    a) Attempted exploit of identified vulnerabilities
    b) Attempted exploit of system access controls
        i) Password cracking
        ii) Privilege escalation
        iii) Protocol eavesdropping
    c) Social Engineering
    d) Protocol Eavesdropping

Deliverables

1) Audit Results documentation                    
    a) Summary assessment
    b) Summary recommendations
        i) Prioritization and budgetary considerations
        ii) Short-term tactical measures
        iii) Longer-term strategic measures
    c) Assessment detail and recommendations:
        i) Policy Recommendations
        ii) Design adjustments
        iii) Management/monitoring enhancements
        iv) Configuration changes
    d) Vulnerabilities with associated risk
    e) Vulnerability remediation strategy

2) Raw results data
    a) Relevant content in document appendices
    b) Raw data in electronic format

3) Audit Results Review Meeting
    a) Presentation of summary results/recommendations
    b) Q & A session as appropriate
    c) Initial planning of remediation strategy   



© STIGroup 2010