Security Probe In 1 Day
The PMSC Security Probe In 1 Day, SPI1D (read as "speed"), gives you a quick overview of the state of your information security.
SPI1D analyses the information security controls that are critical to your business. Areas covered include mission-critical applications, IT infrastructure, IT inventory and the relevant people and process controls. The analysis gives you a basis for deciding the next actions needed to remedy critical information security risk areas and so support business growth.
The PMSC SPI1D comprises technical control reviews, and people and process control reviews.
A. TECHNICAL CONTROL REVIEWS
This set of reviews determines the adequacy and effectiveness of technical security controls. PMSC will identify the ways in which your critical business information assets could be accessed or tampered with without authorization.
This review covers the operating system and the network. Details of the review are as follows:
1. Operating System Configuration Review
Evaluates the strength of security configuration controls:
- Identify operating system weaknesses by assessing services and processes
- Identify common configuration vulnerabilities:
  - Is Windows Firewall enabled?
  - Are Automatic Updates enabled?
  - Are strong passwords enforced?
  - Are unsecured Guest accounts enabled?
  - Missing security updates
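One way to gather the five Windows configuration checks in the list above into a single report on a host under review (an added example, not PMSC's own tooling; it assumes an elevated PowerShell 5.1 or later session on Windows 10 / Server 2016 or later, where Get-NetFirewallProfile and Get-LocalUser are available):

```powershell
# Added example: evaluates the configuration checks from the SPI1D list on the
# local host. Assumes an elevated PowerShell 5.1+ session on Windows 10 /
# Server 2016 or later. Read-only: nothing on the host is changed.
function Get-SpiConfigReport {
    $report = [ordered]@{}

    # 1. Windows Firewall: every profile (Domain, Private, Public) should be on.
    $profiles = Get-NetFirewallProfile
    $report['FirewallEnabledAllProfiles'] =
        (@($profiles | Where-Object { $_.Enabled -ne 'True' }).Count -eq 0)

    # 2. Automatic Updates, via the Windows Update Agent COM object.
    #    NotificationLevel: 1 = disabled, 2 = notify, 3 = download, 4 = install.
    $au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    $report['AutomaticUpdatesLevel']   = $au.NotificationLevel
    $report['AutomaticUpdatesEnabled'] = ($au.NotificationLevel -ge 2)

    # 3. Password policy: export the local security policy with secedit and
    #    read complexity and minimum length from the [System Access] section.
    $cfg = Join-Path $env:TEMP 'spi1d-secpol.cfg'
    secedit /export /cfg $cfg /quiet | Out-Null
    $text = Get-Content $cfg -Raw
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $complexity = 0; $minLength = 0
    if ($text -match '(?m)^PasswordComplexity\s*=\s*(\d+)')     { $complexity = [int]$matches[1] }
    if ($text -match '(?m)^MinimumPasswordLength\s*=\s*(\d+)')  { $minLength  = [int]$matches[1] }
    $report['StrongPasswordsEnforced'] = ($complexity -eq 1 -and $minLength -ge 8)

    # 4. Guest account: should be disabled (it is absent on some editions).
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    $report['GuestAccountEnabled'] = ($null -ne $guest -and $guest.Enabled)

    # 5. Missing security updates: ask the Windows Update Agent for software
    #    updates that are not installed and fall in the 'Security Updates' category.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $missing  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
    $security = @($missing | Where-Object {
        @($_.Categories | ForEach-Object { $_.Name }) -contains 'Security Updates' })
    $report['MissingSecurityUpdates']      = $security.Count
    $report['MissingSecurityUpdateTitles'] = @($security | ForEach-Object { $_.Title })

    [pscustomobject]$report
}

# Run the checks and show the findings; any $false, $true-for-Guest or
# non-zero update count is an item for the audit report.
Get-SpiConfigReport | Format-List
```

The update search contacts Windows Update (or the configured WSUS server), so it can take a minute or so on a host that has not checked recently.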
2. Network Audit
Evaluates the strength of network equipment:
- Review the security policies of network security devices, including the firewall infrastructure, routers, virtual private networks and remote access services.
- PMSC consultants will attempt to penetrate your security controls from your internal network. This emulates penetration attempts by a malicious employee or contractor. Depending on the consultants' analysis, penetration may also be attempted from the external network, upon your approval.
B. PROCESS & PEOPLE CONTROL REVIEWS
This set of reviews determines the adequacy and effectiveness of the process and people controls that govern your critical business information assets. Details of the review are as follows:
ISMS Health Check
The ISMS Health Check is broadly based on the Microsoft Security Assessment Methodology and the ISO 27001 standard (formerly known as BS 7799 and ISO 17799), a set of internationally accepted best practices for managing information security. It evaluates the effectiveness of the information security management processes and controls in your organization. The areas to be reviewed are as follows:
i) Security Policy
ii) Physical and Environmental Security
iii) Communication and Operations Management
a) Operation procedure and responsibilities
b) System planning and acceptance
c) Protection against malicious code
d) Back-Up
e) Network security management
f) Electronic commerce security
iv) Access Control
a) Business requirements for access control
b) User access management
v) Management of Information Security Incident and Improvement
vi) Compliance
a) Reviews of security policy and technical compliance
b) System Audit considerations
DELIVERABLES
1. Security Audit Report
This report consists of a list of weaknesses in the system, categorized according to the following criteria:
High risk = successful penetration to attain super-user or administrator privilege
Medium risk = successful penetration to cause service failure
Low risk = non-confidential information gathering.
2. Report Presentation to Management
This is a presentation of the security audit findings to senior management. The findings are presented with emphasis on business impact rather than technical jargon.
Terms & Conditions:
a. This service is limited to an environment with up to 20 IP addresses in one physical location.
b. The pricing is valid within the Klang Valley only. The cost of additional time and materials is payable by customers outside the Klang Valley.
c. The ISMS Health Check is not a full risk assessment and does not fully replicate the provisions of ISO 27001, BS 7799 or ISO 17799, and so cannot be used to claim adherence to the standard.