We conduct high-level security assessments with the objective of providing a basic overview of the state of technical security for a client's internal and external-facing systems and infrastructure. This results in a broad, low-depth review intended to identify vulnerabilities that could result in the loss of confidentiality, integrity, or availability of information systems and assets.
Using best-practice information gathering and assessment methodology combined with vulnerability scanning tools, our teams obtain a point-in-time snapshot of the infrastructure and perimeter security. Based on evidence gathered, our team isolates key issues found during the assessment.
To mitigate critical vulnerabilities, Veracity identifies a series of recommendations and organizes them according to the urgency, cost, and ease of implementation. Our team conducts a qualitative assessment of the organizational security to compare against industry best practices. Information is gathered using structured/unstructured interviews, automated scanning tools, and manual analysis.
The results of this assessment define risks that are broken down into technical categories such as Infrastructure, Operating Systems, Applications, Operations, and Physical. Once the risks are identified, they are categorized into a severity level based on ratings defined by industry best practices (Vendors, CIS, STIG, and SANS guidelines), audit frameworks (COBIT, ISO 27001, PCI-DSS), and the professional experience of Veracity security staff.
Our team provides recommendations for remediation based on controls that provide the maximum risk reduction or resolution of a critical issue with the least cost, effort, and overhead. We bring extensive experience with security at all levels of architecture.
We have a background with:
- Packet Filter/IP Chains Firewalls
- Cisco PIX
- NetGuard firewalls
We manage security on:
- Windows 2000, Windows 2003, and Windows 2008
- RHEL 3 – 5
- Oracle Databases running on various UX/LX platforms
- SUSE 9 – 10, and
We also plan and oversee Enterprise Security Response teams that manage mitigation of security incidents, including the management of after-action reports, pre-emptive planning, patching, securing, secure redundancy, etc.