With the proliferation of interdependent and interconnected networks, it is common for an organization to have connected its resources to intranets, extranets and the Internet. As a result, the number of potential malicious users grows exponentially. A systematic, comprehensive, ongoing, and priority-driven security testing program is essential for agencies to determine their security priorities and make prudent investments to enhance the security posture of their information resources.
We are experts in vulnerability and penetration analysis, and our audit methodologies address the testing of technical controls within a client’s IT environment. We work with both IT personnel and management to examine the relationship between productivity and security, identifying sources of error and penetration threats.
In addition to standard vulnerability reviews, our approach generally involves three vulnerability assessment scenarios that test the security of the identified networks and systems:
• External Threat – Non-employees without physical access and without access to system resources. External vulnerability testing in the first scenario will address two primary areas of network control weaknesses: 1) access control and password management, and 2) software security vulnerabilities and firewalls.
• Internal Threat – Valid employees with physical access to the site but without access to system resources. The second scenario will address three primary areas of network control weaknesses: 1) access control and password management, 2) services and configuration management, and 3) software security vulnerabilities and firewalls.
• Internal Threat – Employees with physical access to the site and access to system resources. The third scenario will address the following primary area of network control weakness: access control and password management.
Using this series of methodologies helps ensure that a comprehensive assessment of vulnerabilities is performed. Further, using open source and Commercial Off-the-Shelf (COTS) tools, along with reviews of computer audit trail logs, we are able to identify and target weaknesses in your system. The results can be used to design the most efficient control mechanisms for a secure information system environment.
Success Story
The Radius assessment team has successfully used this methodology at the Bureau of Alcohol, Tobacco and Firearms. We assessed vulnerabilities and created standard reporting procedures for distributing and addressing these vulnerabilities.