The objective of the Information Security Assessment is to provide feedback to the Customer with respect to its ability to preserve the Confidentiality, Integrity, and Availability of the information maintained by and used by the organization. Security is assessed for information privacy compliance.
Using various security frameworks, including OCTAVE Allegro, NIST and others, Redhawk will test how your organization uses and implements security controls to secure sensitive data.
To accomplish this, Redhawk reviews several sets of process controls, technology controls, and physical security controls, including:
Physical Controls: Reviewing access control, data center security, environmental security, wiring closets, fire suppression, and protection of sensitive information (clear desk/clear screen policy, locking facilities, disposal of documents/media, and video surveillance).
External Technical Controls: Analyzing firewall configurations, internet design, exposed services and border devices, internet servers, intrusion detection/prevention systems, and remote access.
Internal Technical Controls: Tests performed to identify vulnerabilities on the WAN, LAN, voice system, internal servers/printers, wireless networks, modems, vendor and partner connectivity, logging analysis and reporting, data in transit, and portable devices.
Wireless Controls: Identifying wireless coverage overreach into non-private areas, identifying weaknesses in wireless technical controls, analyzing wireless network architecture, searching for rogue access points, and analyzing wireless security configurations.