IT Health Check
What is an IT Health Check?
An IT Health Check (ITHC) provides an independent assessment of your organization’s cybersecurity.
It aims to provide assurance that your organization’s external and internal systems are protected from unauthorized access or change, and they do not provide an unauthorized entry point into your 3rd parties systems that consume.
The scope of an ITHC engagement will generally include:
- External/internal network and systems vulnerability assessment
- External/internal network and systems penetration testing
- Web application penetration testing
- Host configuration security review
- Database configuration security review
- Firewall configuration security review
After identifying the vulnerabilities, they are presented in a report that provides clear, measurable results along with effective risk remediation solutions.
The benefits of completing an IT Health Check
Our penetration tests will help you to:
- Gain real-world insight into your vulnerabilities.
- Scope your ITHC to conduct a tailored risk assessment.
- Designed to demonstrate to 3rd parties that your network is secure.
- We can recommend appropriate and cost-effective action that is required to address any areas of high risk.
- Connect to other 3rd parties securely.
Our engagement processes
Our CREST accredited penetration testers follow an established methodology based primarily upon the Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) security risks. This approach will emulate the techniques of an attacker using many of the same readily available tools.
- Scoping: Before testing, our account management team will discuss your ITHC requirements to fulfil your testing criteria.
- Reconnaissance: During this stage we will passively gather publicly available information that could aid the testing process. This covers the enumeration of usernames, email address, vulnerable version and previously compromised credentials.
- Assessment: Using the industry standard methodologies such as OWASP, OSSTMM and publicly available configuration guides, each area in scope will be tested to identify vulnerabilities and security weaknesses.
- Reporting: On conclusion of the testing the results will be fully analyzed by an IT Governance certified tester and a full report will be prepared for the customer that will set out the scope of the test and the methodology used along with all the risks identified.
- Re-test: We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all the identified issues have been successfully resolved.
Why choose IT Governance?
We’re a pioneer in making penetration testing easy to understand and quick to buy.
Choose the level of penetration test to meet your budget and technical requirements.
Clear reports that can be understood by engineering and management teams alike.
CREST-accredited penetration testing services give you all the technical assurance you need.
Companies using our penetration testing services
“IT Governance combines the delivery of real insights with a cost-effective service.”
Ian Kilpatrick, Group Information Security Officer at Collinson Group.
Get in contact for a quote
Our team of experts are available to discuss your organizations penetration testing needs, and can help you decide which of our testing services is best suited. Get in touch with us today.