A comprehensive Defcom audit includes IT security analysis conducted in several phases. Firstly we identify all IT critical functions, in keeping with the company's overall goals and strategies.
As risks are identified they are then prioritised in a risk inventory analysis. Risk and security-handling methods within these areas are reviewed and evaluated. This is followed by extensive penetration testing of the network conducted under realistic circumstances.
Both external and internal data transfer connections, such as firewalls, modem pools external web servers, mail servers and internal business critical systems are analysed and reviewed.
The Defcom Audit was designed to answer questions such as:
- Where does our network begin and end?
- What is the range of access points to our network?
- Is there a risk that unauthorised individuals can gain access to our network or otherwise cause damage?
- Does our installed defence system provide adequate protection?
The software tools developed in-house at Defcom's lab pinpoint lack of security more accurately than other commercial applications as a result of our continuous update programme to ensure that we maintain our position on the leading edge of Internet security development.
Maintaining an acceptable level of security is an ongoing requirement and therefore we recommend that networks be analysed at least quarterly. The Defcom Audit service is offered on a subscription basis, providing periodic, scheduled analysis. Such audits are performed on site or over the Internet depending on the client's preference.
