Security Audit Level 1

This service lets you experience how and why security reviews are required in your organization. It helps you understand the state of security in your IT environment so that you can decide on the next steps to remedy the problem areas. The service reviews critical technical, process and people controls in the customer's IT environment.


TECHNICAL CONTROL REVIEWS

This is a set of reviews to determine the adequacy and performance of the technical security controls in your organization. Our security consultants will test for possible ways for an intruder to access your servers, from both the internal and the external network.

This review covers 2 major areas, the operating system and the network. More details of the audit are as follows:

Operating System Audit

PMSC will perform the penetration tests from a remote location outside your network. This effectively simulates the actions of hackers with minimum knowledge of your network and information system.

Network Audit

Evaluates the strength of network security policies with Internal and External Penetration Tests.



PROCESS & PEOPLE CONTROL REVIEWS

This is a set of reviews to evaluate the effectiveness of the information security management processes based on ISO/IEC 27001:2005 Information Security Management Systems (ISMS) and Microsoft Security Assessment Methodology.

 

ISMS Gap Analysis

The PMSC Security Audit Level 1 reviews the following critical ISO/IEC 27001:2005 ISMS controls:

Physical & Environmental Security

Reviews the Secure Area which houses critical information processing equipment.

Operations Management

Reviews the controls for operating system configuration changes, capacity planning, time synchronization, malicious software controls, and backup & recovery.

Patch Management Process

Reviews the timeliness and effectiveness of patch implementations.

 

Microsoft Security Assessment

A Risk Assessment designed by Microsoft to provide information and recommendations about best practices for security. This Risk Assessment is based on accepted standards and best practices for helping reduce risk in IT environments. It uses the "Defense-in-Depth" concept, which refers to the implementation of layered defenses that include technical, organizational, and operational controls. The assessment covers four Areas of Analysis:

Infrastructure

Applications

Operations

People

 

Deliverables

1. Report Presentation to Management

This is a presentation of the security audit findings to senior management. The findings will be presented with emphasis on business impact rather than technical jargon.

2. Security Audit Report

This report consists of a list of weaknesses in the system, categorized according to the following considerations:

High risk = successful penetration to attain super user or administrator privilege.

Medium risk = successful penetration to cause service failure.

Low risk = non-confidential information gathering.