Security assessments should be conducted on a regular basis, and should be included in the strategy. Major international standards include third-party assessments as an important requirement. The goal of assessments is to ensure that necessary and adequate security controls are implemented to protect information assets from unauthorised access, use, disclosure, disruption, modification, recording or destruction.
We, at Forebrook, conduct comprehensive assessments based on best-practices and international standards. In addition to using latest tools for vulnerability assessments, we also check, inspect, observe and analyse information systems in a holistic manner covering technology, people, policies, processes, procedures. As an integral part of assessments, we conduct interviews with individuals and groups in the organisation to understand the infrastructure, security objectives and strategies, and assess security controls for effectiveness and adequacy. Additionally, penetration tests will be conducted for public-facing IPs [if required by the client].
Our Security/Risk Assessments do not just tell you what is missing, but also provide you with actionable advice, recommendations for remediation, a prioritised list of controls to implement and a roadmap to implement those controls.