Risk & Vulnerability Assessment - IT Solutions - IT Services - IT



NETWORKING SOLUTIONS

1.800.INSIGHT • INSIGHT.COM

Risk & Vulnerability Assessment Overview

Managing risk within your environment can be challenging as you balance business operations, governance, IT assets, threats and vulnerabilities.

As a critical element of any risk management program, security testing serves to highlight unmanaged security risks and to measure the extent to which controls are effectively implemented and managed. To further underline the importance of recurring security testing, government and private-industry led security regulations such as HIPAA, PCI, Sarbanes-Oxley and GLBA all require some element of “validation of technical security controls.”

Whether it’s called “penetration testing,” a “security assessment” or a “vulnerability assessment”, this kind of service is the foundation of accurate testing. The Insight Networking Risk & Vulnerability Assessment (RVA) service line addresses the full gamut of security testing requirements.

Risk & Vulnerability Assessment Benefits

Data security breaches are in the news on at least a weekly basis. Hackers are no longer motivated only by fame and prestige but also by profit. They are employed by foreign governments, terrorists and organized crime. While the specific manner by which the data breach occurred varies from report to report, the common theme is a lack of a security management program that included recurring testing of the in-place security controls.

Whether the attack occurs through a technical vulnerability such as a web application, email-borne virus or wireless network or through a social or process vulnerability, the effect is the same: negative press, downstream and upstream liability and increased regulatory scrutiny – especially for companies that are regulated by some federal or state agency and for anyone who works with credit cards.

Security testing, in the form of a team of knowledgeable security experts, or “white hats”, conducting controlled security tests, forms the foundation by which unmitigated risk is identified and successfully managed. The purpose of this activity is to validate that the day-to-day security management tasks are being completed as required to address your risks.

Our Proven Methodology

Our approach starts with understanding your business environment. Without this understanding, our recommendations would be provided in a vacuum, resulting in ineffective security or, worse, security that impedes business operations.

SUCCESS STORIES

Insight has delivered its unique blend of security and business risk management assessments to a wide variety of industries, including:

• State and municipal government agencies
• High-tech companies
• Financial services industry
• Manufacturing
• Logistics and Transportation
• Healthcare companies
• Retail companies


ABOUT INSIGHT

Insight Networking is a strategic business unit of Insight, a technology solutions provider serving global and local clients in 170 countries. Today, thousands of clients, including more than 80 percent of the Global Fortune 500, rely on Insight to acquire, implement and manage technology solutions to empower their business. Insight provides software and licensing services globally. In addition, we offer a comprehensive portfolio which also includes networking, hardware and value added services for our clients in North America and the U.K. We are aggressively expanding our global capabilities by introducing new offerings, including hardware and services, to meet emerging needs for our clients worldwide. Insight is ranked No. 484 on the 2009 Fortune 500.


With this basic understanding of your business and how IT is used to support daily operations, Insight embarks on our data collection processes. These activities closely resemble those used by hackers as they attempt to break into your systems. Given that an attacker may have days, weeks or even months to plan and conduct an attack, there are adjustments made to provide greater efficiency while still providing conclusive findings.

Once the data is collected, Insight prepares an initial briefing to discuss the results with your team. If, during the data collection phase, we encounter findings of significant risk, we will alert your team to their presence without delay in order to ensure that the deficiency is remedied as soon as possible. After the initial briefing, Insight analyzes all of the data, producing the final report.

The final report consists of content written to three main levels:

• Executive Management – recommendations written to executive management to discuss trends, industry comparisons and to establish the need for capital and human resources to remedy observed deficiencies

• IT Line Management – recommendations written to IT management with specific detail on creating and/or bolstering the required security management capabilities

• Technical Staff – recommendations written to system and network administration personnel, application developers, DBAs and other IT staff as required to address specific technical vulnerabilities observed during the assessment

Risk and Vulnerability Assessment Offerings

• Perimeter Risk and Vulnerability Assessments
    • Internet Security Assessment
    • Wireless Security Assessment
    • Remote Access Security Assessment
    • Firewall Policy & Configuration Analysis
• Internal Risk and Vulnerability Assessments
    • Internal Risk & Vulnerability Assessment
    • Data Management Practices Assessment (DBAs)
    • Data Management Practices Assessment (End users)
    • Web Application Security Assessment
• Other Compliance Assessments
    • Social Engineering Assessment
    • PCI Compliance Consulting
    • HIPAA Compliance Consulting
    • NERC CIP Compliance Consulting
    • GLBA/FFIEC Compliance Consulting
• Additional Compliance Services
    • Network and Host Security Technology Design and Implementation
    • 24x7 Managed Network and Security Services

Fast Facts

• Cisco Gold Certified Partner
• HP Platinum Partner
• IBM Premier Business Partner
• Lenovo Premier Business Partner
• Microsoft Gold Certified Partner
• Lifecycle Management Services
• ISO 9001:2008 Integration Labs
• Advanced Technology Labs
• IT Management Services with a 24x7 Network Operations Center
• 432,000 square foot Distribution Center
• $130M ‘ready to ship’ inventory, $3.3B virtual inventory
• 2,500+ technical certifications

Insight and the Insight logo are registered trademarks of Insight Direct USA, Inc. All other trademarks, registered trademarks, photos, logos and illustrations are the property of their respective owners. ©2009, Insight Direct USA, Inc. All rights reserved. Updated 10.09