Internal Security Assessments

Internal Security Assessments differ from external assessments in that their goal is to evaluate the overall security posture of the enterprise against potential attacks from “insiders,” other trusted parties, or an attacker who has already successfully penetrated the perimeter of the organization. The goal is to evaluate, from a technical perspective, the various components of an information security program. We start with requests for network diagrams, device configurations (routers, switches, firewalls, IDS/IPS, DLP, etc.) and policies (server patching process, etc.), and evaluate them against common security misconfigurations and vulnerabilities associated with network design and configuration management practices.

We interview stakeholders to evaluate security controls around the following areas as they relate to the overall risk management process:

  • External Perimeter Security
  • Internal Network Segmentation Design and Security Appliance Implementations
  • Application, Patch, and Configuration Management
  • Administrative Security Procedure Implementation

In conjunction with the Architecture Assessment as a first step, we will mutually develop a scanning profile for the assets that we have determined are in scope for review. The vulnerability testing process gathers data on open ports and vulnerabilities for each selected asset exposed to the Internet/Intranet. We can conduct Social Engineering testing to attempt to gain access to information, resources, or privileges. We can also conduct Phishing experiments to determine if information can be accessed via that attack vector. The output from the assessment(s) is a set of summary findings and recommendations. The reports typically include root cause analysis of the data collected during the review, which will offer the management team an itemized, prioritized view of remediation steps.

Learn more about iSphere’s Information Security services by e-mailing or calling 1.800.210.3215.
