
Establishing a proper security policy is essential and involves risk assessment, threat analysis, and formulation of a security policy.
Every bit as important is making sure the security policy evolves with changing needs and business conditions and keeping barriers to unauthorized entry in place while countering new threats and vulnerabilities as they arise.
A security audit is essential to create an effective security policy. Security audits come in different strengths and flavors, and each has its own appropriate uses and frequencies. These should be applied on a prescribed basis to the premises, systems, processes, procedures, and networks.
Asset Identification and Classification
The process of identifying the organisation's valued assets and classifying them by their importance and sensitivity.
Threat and Vulnerability Assessment
The process of identifying vulnerability to specific well-known attacks, especially those that exploit a failure to patch or update key software or infrastructure components, and known points of access or attack.
Penetration testing
Penetration testing attempts to actively compromise system, physical, or procedural security. Penetration testing is essential for environments with stringent security requirements.
Security policy review
A security policy review examines an organisation's existing security policy. It is used to review software and devices, current configurations, implementations, procedures, processes, and documentation.
Physical security audit
It's essential to review physical access controls and emergency procedures for an organisation's sites, buildings, server and equipment rooms, and any areas where proprietary assets are stored or used. This is particularly important for information systems and related assets, because physical access to these items by the wrong person can lead to their theft or loss.
Event-driven audits
Event-driven audits are triggered by specific events: security scanning as new vulnerabilities are uncovered, or security checklist reviews as systems and platforms are updated.
Analysis, Decision, and Documentation
The final step is to decide which of the audit's recommendations to implement. This decision is generally based on cost-benefit analysis.