Information Security Assessment verifies the security status of various IT systems in the Customer's infrastructure, including web portals, mail services, internal and external services and enterprise networks.
When our specialists assess the Customer's infrastructure, they can simulate various attack vectors, including external and internal ones, against the infrastructure. We thoroughly search for opportunities and check every exploit that can cause data leaks, malware infiltration or total disruption of enterprise performance, for instance, as a result of a successful attack on the industrial control system.
Based on the assessment results, our specialists generate a report and provide the Customer with a list of detected and exploited vulnerabilities and possible remediation measures. Most importantly, the report shows the security threats, enables the Customer to assess how critical they are, and explains what should be done to improve security and remedy the vulnerabilities.
USSC offers all possible information security assessment services:
- resource audit: websites, email servers and any other network-based corporate services
- network audit: external perimeter, corporate network or separate network segments, for instance, DMZ or industrial control system network
- software audit: program source code, executable files and mobile applications
- security audit based on social engineering
Information Security Assessment is mostly relevant when there is a need for:
- thorough analysis of potential break-in opportunities and accessible resources
- independent expert report on current security status and overall security system efficiency evaluation
- contractor work quality analysis (e.g., website developers or outsourcing companies)
- risk evaluation for applicable IT infrastructure
- vulnerability assessment of software products
- cybersecurity investigations
- quick system upgrade to improve security against hacker attacks
Information Security Assessment can be performed according to either the "Black box" model (no authorized access and no initial data on the configuration or the information security tools in use) or the "Gray box" model (authorized access to the system is available).
Our experts use proven methods based on international standards and best practices (NIST, OWASP, PCI DSS, EC-Council and others).
The scope of each audit is not strictly limited to one or several subsystems. Just as each IT system is unique and interesting in its own way, every audit is profound security research.
Our track record includes many successful projects on the identification and remediation of vulnerabilities and the improvement of overall security for many websites of financial and public sector institutions, the IT infrastructure of large logistics companies and Industrial Control Systems. Thanks to our work, our Customers stay protected from IT and IS threats.
