Internal Security Assesment

Computer Map

“The greatest risk that Customers face today is not necessarily from the Internet. It is from within their own secured environments…”

The biggest threat that is facing Corporations and Homes today is from inside their computing environments. Network perimeter defenses, such as firewalls, have become much better at detecting and eliminating threats from the public Internet. However, Computer Users can now reach out from inside those secure environments to access Wireless Networks and Web Sites that are insecure. Doing so provides a ‘bridge’ between your once-secure environment and the public Internet! Malvertising, Malware, Viruses, Hackers and Cyber Spies may now have internal access.

The Internal Security Assessment, ISA, was developed by RSC to identify these “bridges” and weaknesses within your internal network infrastructure. And once identified, they can be resolved to prevent a possible breach.

RSC Security Engineers have developed an automated system that scans a network and any attached computing devices, compares them to known problems, and then furnishes a detailed report of all issues that need to be corrected.

Additionally, based on the scan results, RSC Security furnishes a Risk Matrix that is tuned for the specific Regulatory Compliance of a Corporation. RSC currently supports NIST, ISO 27001, FTC, FFIEC, SSAE16, and HIPAA

Learn More

Overview

The ISA is comprised of three steps; Passive Network Scan, Active Device Audit, and Web Content Audit.

Passive Network Scan

The Passive Network Scan will identity all computing devices that are using the network. All devices discovered are then positively identified to ensure that they are valid or if they need to be removed.

The Passive Network Scan will identify and categorize all network traffic types. This helps in identifying computing devices that may already be compromised within the Corporation or Home.

Active Device Audit

This step in the process accomplishes an audit from the Passive Scan discoveries. The device audit is a thorough inventory of all services, applications, processes, open ports, and Users/Groups that have access to each device. This information determines the business purpose of the computing device.

Web Content Audit

This last step in the program reviews all of the information captured in the previous two steps for unauthorized and/or inappropriate content. It is our belief that our Customers deserve to keep their good reputation and image intact. To that end, this step provides the ‘Check-up’ on content being transmitted both internally and externally for a Corporation or Home that could be potentially damaging or illegal.

Results and Findings

The results from all phases of the ESA are gathered together and reported to the Customer using a simple letter grading scale. This scale reports all weaknesses found, their severity, and their associated risk to the Organization.

Learn More