What is an IT Health Check?
An IT Health Check (ITHC) provides an independent assessment of your organization’s cybersecurity.
It aims to provide assurance that your organization’s external and internal systems are protected from unauthorized access or change, and they do not provide an unauthorized entry point into your 3rd parties systems that consume.
The scope of an ITHC engagement will generally include:
- External/internal network and systems vulnerability assessment
- External/internal network and systems penetration testing
- Web application penetration testing
- Host configuration security review
- Database configuration security review
- Firewall configuration security review
Once identified, the vulnerabilities are presented in a report that provides clear, measurable results along with effective risk remediation solutions.
Is an IT Health Check right for you?
The ITHC is designed to provide assurance that your external and internal systems are protected from unauthorized access or change through assessments of protective monitoring controls and remote working devices, as well as others.
The benefits of completing an IT Health Check
Our penetration tests will help you to:
- Gain real-world insight into your vulnerabilities
- Scope your ITHC to conduct a tailored risk assessment
- Designed to demonstrate to 3rd parties that your network is secure
- We can recommend appropriate and cost-effective action that is required to address any areas of high risk
- Connect to other 3rd parties securely
Our engagement process
Our CREST accredited penetration testers follow an established methodology based primarily upon the Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) security risks. This approach will emulate the techniques of an attacker using many of the same readily available tools.
- Scoping: efore testing, our account management team will discuss your ITHC requirements to fulfil your testing criteria.
- Reconnaissance: During this stage we will passively gather publicly available information that could aid the testing process. This covers the enumeration of usernames, email address, vulnerable version and previously compromised credentials.
- Assessment: Using the industry standard methodologies such as OWASP, OSSTMM and publicly available configuration guides, each area in scope will be tested to identify vulnerabilities and security weaknesses.
- Reporting: On conclusion of the testing the results will be fully analysed by an IT Governance certified tester and a full report will be prepared for the customer that will set out the scope of the test and the methodology used along with all the risks identified.
- Re-test: We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all the identified issues have been successfully resolved.