I/T Security Audit

Based on Regulatory Standards (ISO, GLBA, FISAP, HIPAA or others), xDefenders works with clients to interview employees, I/T staff and management to determine if published security policies are being followed. We compare policy with procedures and note where there are “gaps”. A detailed checklist is completed and a report is written and reviewed with the client. An audit will review the following areas:

 

Database Access and Security Controls

Many applications that reside on top of Oracle, Sybase, DB2, MS/SQL or MySQL rely on the security attributes of the database to secure, control and back up the data. Understanding this concept, along with Database Administrator (DBA) processes and tools, is essential to auditing a database and the applications that use it. We look at the relationship between application and database security.

  • Log-On Procedures
  • Password administration and management
  • User Identification, Authentication, Admin.
  • Use of system utilities
  • Links to applications, operating systems
  • Backup and storage security procedures
  • Security of DBA tools and software
  • Evaluation of stored procedures

 

Housekeeping

  • Management of Logs
  • Back-up Procedures
  • Fault Logging
  • Problem Reporting and Administration

 

Operating System Access Control

  • Password Administration and Management
  • User Identification, Authentication, Admin.
  • Use of System Utilities
  • Terminal Time-out
  • Limitation of Connection Time
  • Terminal Log-On Procedures
  • Peripheral Administration

 

Security of System Files and Servers

  • Control of operational software
  • Protection of system data and files
  • Access control to program source library
  • Connectivity and Interconnected network
  • Network Access
  • Trust relationships
  • Server Logical Security
  • Penetration detection
  • Violation investigation and monitoring
  • Virus Protection
  • Remote access facilities and VPN controls
  • Authentication mechanisms

 

Security Policy Development & Review

A set of security policies is a reflection of the culture of the organization. It needs to be clearly articulated and communicated to employees and business partners. We will provide well-constructed and publicized security policies, as well as comment on your existing documentation.

 

Employee Awareness Training

Most organizations are vulnerable to Social Engineering attempts to gain vital knowledge, which can lead to a compromise. xDefenders offers security training to help clients increase awareness and reduce their risk of compromise.

 

Business Impact Analysis, Continuity Planning

Business Continuity Planning (BCP) is a collection of management processes designed to provide organizational persistence during and following a business disaster.

This project begins with the data collection and interview process called Business Impact Analysis (BIA).

 

Risk Assessment

xDefenders can help assess the level of security you need in your applications, systems and networks by following a proven evaluation model. This Information Risk Management Plan compares and considers key information components and helps you assign a security service for data or program segment to be secured, and the costs