Enterprise Information Security Assessment

The Enterprise Information Security Assessment is our most comprehensive security controls review. This service is designed to thoroughly identify critical information assets, threats and vulnerabilities. InfoDefense uses its proprietary assessment methodology, which is based on the NSA INFOSEC Assessment methodology, ISO 17799 and CoBIT, to ensure consistent results. Contact us for more information about the InfoDefense Enterprise Information Security Assessment Service.

Information Security Audit

An Information Security Audit is very similar to an Enterprise Information Security Assessment. The main difference is that our audit team generally reports directly to the CEO or board of directors whereas the assessment team may report to the CIO or a director. Another difference is that audits are not available to our existing security services clients (other than annual audit services) as we are required to maintain independence. Contact us for more information about our audit services.

Regulatory Compliance Assessment

The Regulatory Compliance Assessment is designed for companies and government organizations who are bound by the information security provisions within HIPAA, GLBA, FISMA and the Sarbanes-Oxley Act (SOX). InfoDefense executes this service to help you verify compliance with government regulations. We review enterprise-wide security controls as well as the security controls protecting the specific information that the regulation addresses. In general, these services are a little less comprehensive and less expensive than an Enterprise Information Security Assessment. Contact us for more information about the InfoDefense Regulatory Compliance Assessment.

Internet Security Assessment

The Internet Security Assessment is designed to review your organization’s network perimeter for vulnerabilities. During an Internet Security Assessment, InfoDefense’s security experts will perform a network security scan and review firewalls, servers exposed to the public internet, remote access devices and wireless access points to identify vulnerabilities. We then review these vulnerabilities with you to jointly design and implement remediation strategies. Contact us for more information about the Internet Security Assessment.

Internal Network Security Assessment

The Internal Network Security Assessment is designed to review your organization’s internal networks for vulnerabilities. During an Internal Network Security Assessment, our security experts will scan your entire internal local-area and wide-area networks for known vulnerabilities. These scans include all servers, workstations and network devices. As with all of our assessment, we not only summarize our findings, but we make recommendations to resolve each vulnerability we find. Contact us for more information about the Internet Network Security Assessment.

Controlled Penetration Testing

A penetration test evaluates systems using common hacking techniques. InfoDefense performs penetration tests in a methodical manner, and we schedule our tests during off-hours to minimize the possibility of disrupting your production systems. The penetration testing process consists of network discovery, network mapping, host enumeration, exploit discovery and exploit application. A full summary report of our findings along with resolution recommendations is provided for each test conducted. Contact us to learn more about our controlled penetration testing service.