Services Contact
services@nci.ca | 905.607.9777
Security Assessments
How secure is your IT network? Does it meet new standards like PCI DSS?
How good are your security policies and procedures?
NCI’s Security Assessment Services can be as basic or comprehensive as you require. We help our clients:
- Identify and address security issues and vulnerabilities;
- Streamline the efficiency and effectiveness of current systems;
- Refine security policies;
- Develop business continuity and disaster recovery procedures and plans.
Our in-depth security experience enables you to select from several different levels of assessment that will identify weaknesses within your security strategy and prepare you for a security audit and compliance with a standard like PCI.
Vulnerability Assessment
The most common type of security assessment, the Vulnerability Assessment (VA) generally provides in-depth and valuable information regarding the weak or vulnerable aspects of your external security policy. Typically, NCI would scan any Internet-accessible IP address for any vulnerability that may exist. As a premium security provider, NCI does far more than simply scan IP addresses: NCI takes the time to fingerprint the customer, uses multiple tools from different ISPs over several days or weeks, and researches known vulnerabilities. Unlike our competitors, we don’t just use one tool.
Penetration Testing
A Penetration Test determines if a specific target can be compromised. Usually done without prior knowledge of the environment, it involves scanning for potential security holes. Holes that are discovered are exploited in order to compromise the target and thereby prove that the vulnerability exists. These vulnerabilities, once identified, can be remedied. These tests are usually only used as quick spot checks, or as a test of incident response readiness. They do not comprehensively identify all potential weaknesses. Penetration tests are highly technical and can involve manipulation of systems at the kernel level. Don’t worry – we work directly with you and your IT team to ensure that no business-critical systems are affected.
Periodic Vulnerability Scans
NCI offers a scheduled Vulnerability Scan which can be done from outside of your network to probe for new hosts, new inbound services, or insecure firewall rules. This automated utility does not require setup on the customer site. Scans can be scheduled weekly, monthly, or quarterly.
Security Assessment
The Security Assessment takes the investigation one step further to include non-technical policies, procedures, and documentation. The Security Assessment includes a full review of the network and system architectures (anti-virus, IDS/IPS, firewall, servers, desktops, switches, routers, etc.), and configuration reviews of critical information systems components. It also involves interviews with staff, and a review of physical plant security and access controls. A Security Assessment provides the best understanding of the security posture of an organization since it touches on all aspects of the environment that relate to its information systems. An NCI Security Assessment provides an independent review of how an organization’s security compares to industry best practices, and prioritizes issues to be addressed in a security improvement program.
Specialized Security Assessment
The type of activity done in a Security Assessment can be narrowed to a specific network component, such as a critical system asset. Firewall Assessments, IPS Assessments, and Network Assessments, for example, follow the same approach as a full Security Assessment, but are focused on these specific components. Such an assessment takes less time than a full Security Assessment, but does not provide as comprehensive a report.
Application Vulnerability Assessment
As organizations begin to develop web-based applications for users, remote access, B2B communication and other custom portal-type applications, there is an increased risk of opening security holes. An NCI assessment will review not only the application but also the data flow for potential security risks and breaches.
