• Operate effectively and provide appropriate confidentiality, integrity, and availability
• Protect information commensurate with the level of risk and magnitude of harm resulting from loss, misuse, unauthorized access, or modification.

A Network Security Assessment may include:

• A review of the People and Process related security framework including policies, organization, personnel, asset identification and control, risk assessment and minimization, physical security, access control, network and computer management, business continuity, Systems Development methodology, best practices, and regulatory compliance.
• A review of the overall enterprise architecture to determine how effectively it protects trusted networks from less trusted networks.
• A review of your internal network design to determine how effectively it segments assets and access based on business function and a need to know.
• A review of your internal network design to determine how effectively it segments assets and access based on business function and a need to know.
• A Network Vulnerability Assessment (see below).
• A Network Audit (see below).
• A formal report detailing the findings of the Assessment including detailed recommendations for short and long term improvements.
• Provide the customer with project status reports.

• A review of the overall enterprise architecture to determine how effectively it protects trusted networks from less trusted networks.
• A review of your security devices to determine if their methods of use or configuration could cause undesirable security exposure.
• A Vulnerability Assessment designed to exercise all security components in an attempt to gain unauthorized access to your network.
• An Ethical Hacking exercise that leverages the results of the Vulnerability Assessment to better gauge the exposure of key assets.
• A formal report detailing the findings of the Vulnerability Assessment. Generally, a Risk Mitigation Plan is developed that prioritizes the Vulnerability Mitigation and provides detailed information on how to mitigate each vulnerability.

Internal:

Statistically the likelihood of a "cyber- incident" originating externally is approximately 25%. The remaining attacks are from the inside (employees, contractors, consultants). Accordingly, Vulnerability assessments are increasingly including an internal component.

An internal Network Vulnerability Assessment gauges the current vulnerabilities which are visible internal to the network and assures that:

• You see your network vulnerabilities from the same perspective as an internal hacker (disgruntled employee, industrial espionage).
• You determine the mechanisms that an internal hacker would most likely use to attack key assets and fix these issues prior to an actual attack.

An internal Network Vulnerability Assessment may include:

• A review of the People and Process related security framework including policies, organization, personnel, asset identification and control, risk assessment and minimization, physical security, access control, and network / computer management.
• A review of any internal security devices to determine if their methods of use or configuration could cause undesirable security exposure.
• An internal Vulnerability Assessment designed to exercise all security components and evaluate the configuration of key systems in an attempt to gain unauthorized access to key systems and assets.
• A formal report detailing the findings of the Vulnerability Assessment. Generally, a Risk Mitigation Plan is developed that prioritizes the Vulnerability Mitigation and provides detailed information on how to mitigate each vulnerability.

While wireless networking can simplify the deployment of connectivity and provide a greater level of convenience for mobile workers, it is a fundamentally insecure technology. A third or more of deployments are done in a vendor default mode and fully expose the internal network to access by any individual with a network-enabled mobile device. Even when fully secured by Wireless Encryption Protocol (WEP) an initiation key vulnerability allows for the key to be deciphered in a fairly short time frame by a moderately skilled hacker. A Wireless Network Security Assessment gauges the current organizational risk associated with the use of Wireless networking and assures that: