Specific Security Assessments

With hackers and terrorists continuing their assault on the websites, systems, and networks of federal agencies and organizations, you need to be sure that your IT security is as tight as possible. And with federal regulations for protecting systems and data increasing, the penalties for poor security are getting tougher. So it pays to ensure that your IT security controls are adequate.

C5i can help you verify that your IT controls are sufficiently protecting your data and systems. C5i testers and auditors can evaluate specific areas of your IT security program and identify any areas of weaknesses, before they're exploited by hackers or discovered by auditors.

As part of C5i's Individual Security Tests progam, consultants can perform a general risk assessment or specific evaluations that focus on one particular area of need, such as:

• Network Security Assessments or Ethical Hacking/Penetration Testing
  • Application Security Assessment
  • Wireless Security Assessment
  • Physical Security Assessment
• Security Architecture Evaluations
• Security Program Evaluations

Network Security Assessments

To help organizations proactively manage risk in the context of their overall goals of protecting their information assets and reputation, C5i maintains a world-class Security Health Center focused on the development and delivery of Network Security Assessment services. These services focus on identifying vulnerabilities throughout the organizations network, including servers, workstations, network devices, and software applications.

C5i Network Security Assessments include two main types of evaluations, ranging from broad-view to more narrowly focused assessments of your network security:

• Vulnerability Assessments - The Vulnerability Assessment provides a snapshot of the overall security health of your network and its components. It evaluates all aspects of your network security (especially firewalls, DNS servers, web servers, mail servers, routers, hubs, load balancers, and other supporting systems), and involves mapping, identifying, and testing active devices for vulnerabilities and then attempting to exploit those vulnerabilities. We recommend this type of evaluation for any organization that has not undergone a recent security risk assessment and needs to know the status of their network security.
• Ethical Hacking/Penetration Testing - C5i's penetration testing is primarily concerned with infiltrating your network's defenses in order to meet a specific IT security goal. Ethical hacking/ penetration tests usually focus on the primary methods used by hackers to gain access to your network and data. C5i's penetration tests are performed against your Internet infrastructure in a non-destructive way to identify vulnerabilities in the configuration and architecture of these systems.

All of C5i's Network Security Assessments can be performed as either a full-scale vulnerability assessment or a simple ethical hack/penetration test. C5i offers three basic types of Network Security Assessments:

Application Security Assessment

C5i's Application Security Assessment can occur at any point in your application's life-cycle, and includes application design analysis, code review, and application security testing and analysis.

Wireless Security Assessment

C5i's Wireless Security Assessment includes the evaluation of your wireless network architecture, access point configuration (war-driving), and encryption technologies. It can also include an optional review of your wireless security policies to ensure that your agency understands the security implications and weaknesses of wireless networks and technology.

Physical Security Assessment

C5i can help minimize your risks by assessing your infrastructure vulnerabilities and recommending solutions that will ensure the security and continuity of your business. C5i's Physical Security Assessment team will critically examine your facilities, systems, and high-value assets; give you a detailed risk assessment based on your business requirements; and provide recommendations for enhancing security and managing your risks.

Physical security assessments include evaluations of security requirements, including policies and procedures, personnel response, mechanical and electronic security measures, access control, use of video surveillance systems, alarm systems and other measures necessary to ensure detection, assessment, response, delay, and neutralization of potential adversaries. The physical security assessment then evaluates the actual physical controls in place, comparing them to your requirements and policies as well as industry best practices. Vulnerabilities and associated risks are identified, and countermeasures are recommended.

C5i can also assist in the definition of physical security requirements and help specify physical security solutions. Call today for more information about how C5i can provide a customized implementation plan to address physical security needs.

A Proactive Approach (the best defense is a good offense)
C5i's Vulnerability Assessments can also be provided as a managed service, giving you regular, frequent evaluations of your network to ensure that network configuration changes do not inadvertantly open up holes in your defense. Click here for more information about C5i's managed services.

Security Architecture Evaluations

The Security Architecture Review process focuses on reviewing the infrastructure and application security architecture, as well as testing and verifying application, network, and security system configurations.

C5i's security consultants will examine the design and architecture of the infrastructure in order to determine how it handles sensitive data and compare it to internal policies and enterprise architecture standards as well as NIST guidelines.

The review usually includes the security posture of front-end web servers, application software, application servers, supporting database servers, and interfaces to other back-end systems. It focuses on the architecture, design, and configuration of mission-critical IT components, such as firewalls and perimeter defense, servers, VPNs and PBXs, network devices, intrusion detection systems, and audit/alerting mechanisms. It evaluates the balance between security and functional needs.

Security Program Evaluations

The C5i security consultants will conduct an in-depth review of your information security program in order to assess the organizational, personnel, process and technical dimensions of your agency's security posture. C5i uses a structured process for reviewing information security programs, which focuses on reviewing existing data security policies, procedures, standards and guidelines; interviewing knowledgeable staff; and directly observing critical program areas.