Assurance Services
IT security relies on the assurance that systems, infrastructure, devices and the like are not vulnerable to attack or exploitation. This assurance can be gained by knowing system vulnerabilities as well as applying layered security controls. IT Security Health Checks, vulnerability scanning, and penetration testing enable organisations to know what vulnerabilities their systems, infrastructure, or devices have, and to identify the impact of exploitation. In addition, penetration testing is often a component of security audits, especially within the Public Sector and the Payment Card Industry, where the Data Security Standard (PCI DSS) requires both annual and on-going penetration testing and quarterly vulnerability scans. Sopra Group can provide a range of Assurance Services including:
IT Security Health Check
Our security specialists can provide you with an IT security health check that can highlight known issues quickly, by remotely identifying security problems in your existing internal or Internet-facing infrastructure. We regularly conduct IT security health checks on site at client offices or data centres, so that networks which aren’t directly internet-connected can be thoroughly tested too.
Vulnerability Assessment
A vulnerability assessment identifies immediately visible security vulnerabilities in a given infrastructure or web application. Sopra Group will map your networks and identify any security vulnerabilities which may be present. Our security experts have the knowledge to systematically analyse the security weaknesses present in your network, and can provide advice on how best to remove them, or make exploitation more difficult for a network attacker.
Conducting an infrastructure Vulnerability Assessment will provide your organisation with a good idea of the risks that your infrastructure poses and will provide you with the appropriate guidance on how to secure your systems.
Penetration Testing
Penetration testing is a method of evaluating the security of an IT system by simulating an attack by a malicious person either from the outside world (such as the Internet) or from within an organisation. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, known or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. Penetration testing provides an in-depth view of security and can include the following:
- External Infrastructure Testing
- Internal Infrastructure Testing
- Application Testing
- Wireless testing
- Mobile device testing
- VoIP testing
- Server and workstation build reviews
- Social Engineering
- "Brand Damage" attacks