{"id":1746,"date":"2016-10-26T15:43:13","date_gmt":"2016-10-26T15:43:13","guid":{"rendered":"https:\/\/tsisupport.com\/?p=1746"},"modified":"2021-07-07T04:52:40","modified_gmt":"2021-07-07T08:52:40","slug":"understanding-security-assessments","status":"publish","type":"post","link":"https:\/\/tsisupport.com\/tsistaging\/?p=1746","title":{"rendered":"Everything You Need to Know About Network Vulnerability Assessments"},"content":{"rendered":"

It may come as of little surprise that security breaches hurt small business much more than larger corporations. According to the National Cybersecurity Alliance<\/a>, more than 70% of attacks target small businesses.\u00a0 It is also estimated that 60% of hacked small businesses experience devastating economic hardship, leading many to suffer a complete loss, closing their doors within six months following a breach. While discounting the need for security may save money in the short term, the cost of a security breach can range from a minor inconvenience, damage to reputation, and\/or loss of private customer data, fines related to failure to maintain HIPAA compliance, or as discussed, complete company closure.<\/p>\n

Unfortunately, most security breaches are often attributed to profound lack of awareness by management, through our years of experience, even internal IT Staff overlooked or missed very real threats to their business\u2019s network infrastructure.<\/p>\n

\n

\u201cWhile the speed of compromising a victim\u2019s network has drastically increased, the rate of discovery for an attack has continued to decline due to ever more sophisticated malware capable of avoiding detection for days.\u201d\u00a0<\/em><\/a><\/span><\/p>\n<\/blockquote>\n

What is a Security Assessment:<\/strong><\/span>\u00a0\u00a0 A proper Security Assessment will take the guesswork out of evaluating an organization\u2019s exposure to threats.\u00a0 The assessment will provide a complete picture of the risks facing the network.\u00a0 It is an invaluable tool for any organization that depends on IT systems and processes to operate, and is a key component to any IT strategy.<\/p>\n

\n

\u201cThe majority of breaches involve phishing as a means to install malware.\u00a0 Yet, with over 8 Million Phishing Tests conducted, 30% of recipients opened the message. Even worse, 12% followed through with clicking the malicious attachment or link provided, thus enabling an attack to succeed. Finally, only 3% alerted IT or management of a possible phishing email for investigation.\u201d<\/em><\/a><\/span><\/p>\n<\/blockquote>\n

TSI has been performing Security Assessments for over a decade.\u00a0 Our approach has always involved an organization\u2019s IT systems, processes, and users are aligned with the best processes that protect the network.\u00a0 We assess the company size, budget, and assets to determine the best solution.<\/p>\n

\n

\u201cThe result of our extensive assessments have found the largest discrepancies and disregard for security processes involved an organization\u2019s internal IT staff.\u201d \u00a0<\/em>Gerard Louise, CEO<\/span><\/p>\n<\/blockquote>\n

What a Real<\/em> Security Assessment Entails:<\/strong>\u00a0<\/span>\u00a0With attacks gaining ground, bypassing common fraud detection\/anti-virus protection, many organizations ask what they can do to protect their network?\u00a0 TSI believes the first step is in identifying vulnerabilities, as well as points where it is possible to gain access.<\/p>\n

Step 1:<\/strong><\/span>\u00a0\u00a0Similar to our Technology Assessments, our Security Assessment begin with interviewing the main Point of Contact within the organization.\u00a0 It is imperative that we understand the organization\u2019s business, goals, and any existing policies.\u00a0 Our security risk interview includes a multitude of questions related to the organization\u2019s products and services.\u00a0 Including:<\/p>\n

Access<\/span> \u2013 How user access is managed and who controls it?<\/p>\n

Compliance & Governance<\/span> \u2013 Is the company subject to compliance? Is the industry private or government?<\/p>\n

Backup & Disaster Recovery<\/span> \u2013 Detailing the practices surrounding data backup and storage.<\/p>\n

Internet & E-Mail Practices<\/span> \u2013 How is highly sensitive data transferred within the organization?\u00a0 Is all of the information protected and encrypted?<\/p>\n

Change Control Procedures<\/span> \u2013 Discuss practices surrounding steps and procedures for changes in management as well as who is authorized to revoke\/grant new permissions.<\/p>\n

Control of Services<\/span> \u2013 The amount of control the organization has over the functionalities of the services and products.<\/p>\n

Data Breaches<\/span> \u2013 Policies and Procedures established to protect against data breaches or other types of data compromises.<\/p>\n

Data Privacy<\/span> \u2013 Policies and Procedures implemented to maintain an appropriate level of privacy for customer data.<\/p>\n

Data Protection<\/span> \u2013 Discuss the steps that are taken to protect customer data from risks to confidentiality, integrity, and availability.<\/p>\n

Step 2:<\/strong>\u00a0<\/span>\u00a0Following the initial Security Interview and understanding the established policies (if any), we use a series of tools to scan the network.\u00a0 The intent of these scans are to determine what services or processes are running, that all software\/firmware versions are up-to-date, as well as network specific discovery scans.<\/p>\n

The results identify the level of security and the complete list of products that are deployed on the network with a correlating rating of effectiveness for Anti-Virus, Anti-Malware, Application Monitoring, etc.<\/p>\n

Another component to this process is to identify and inventory all software\/hardware collected during the scanning process.\u00a0 The documentation of these assets is critical to providing a complete picture of an organization\u2019s IT infrastructure and to evaluate which assets are considered critical for protection. All data is included in the compliance reports remitted to the organization at the completion of the assessment.<\/p>\n

Step 3:<\/strong><\/span>\u00a0\u00a0The most important aspects of the network security are reviewed during the third step of the process.\u00a0 The objective is to compare our findings with the industry standards to protect the organization\u2019s network, as well as providing security best practice recommendations, such as:<\/p>\n

Access Control Standards<\/span> \u2013 Access control standards for information systems are coordinated with management, they should incorporate the need to balance restrictions to prevent unauthorized access against the need to provide unhindered support services for the daily users.<\/p>\n

Remote User Access<\/span> \u2013 Remote access control procedures should provide adequate safeguards through robust identification, authentication, and secure encryption techniques for users who utilize open Wi-Fi networks.\u00a0 All activities performed by a remote user must be validated by the Access Control List and recorded in an audit activity log.<\/p>\n

Secure Unattended Workstations<\/span> \u2013 All equipment requires appropriate safeguards to prevent unauthorized access, especially when left unattended.\u00a0 Systems should have an automated process to logout after a set time of inactivity defined within the company policies.<\/p>\n

Manage Network Access Control<\/span> \u2013 Access to sensitive resources on a network must be strictly controlled to prevent unauthorized access as well.\u00a0 All computing and information systems, as well as peripherals, shall be restricted to only a few individuals, and audited\/reviewed often.<\/p>\n

Control Access to Operating System Software<\/span> \u2013 Access to operating system commands should always be restricted to those persons who are authorized to perform systems administration functions.<\/p>\n

Password Management<\/span> \u2013 The process of selecting passwords, their use, and management as a primary means to control access to systems should be strictly enforced through password best practice guidelines.<\/p>\n

Secure Against Unauthorized Physical Access<\/span> \u2013 Physical Access to Servers and Security Devices areas are always to be controlled by management.\u00a0 Staff with authorization to enter these areas should be provided with information on the potential security risks involved with entering.<\/p>\n

Restrict Access<\/span> \u2013 Setting appropriate levels of access controls is also paramount.\u00a0 This minimizes information security risks, while also allowing the organization\u2019s business activities to be carried without undue hindrance.<\/p>\n

Monitor System Access & Use<\/span> \u2013 All access\/use should be logged and monitored to identify potential misuse of systems or information.<\/p>\n

Data Protection<\/span> \u2013 Protecting Proprietary Data, while in storage, as well as in transit to a backup solution need to be protected from malware attacks.<\/p>\n

Give Access to Files & Documents<\/span> \u2013 Establishing appropriate access to information and\/or documents should be carefully thought out and controlled.\u00a0 This approach ensures that only authorized personnel may have access to sensitive information, thus limiting exposure in the event of a breach.<\/p>\n

Step 4:<\/strong>\u00a0<\/span>\u00a0The final report of the Security Assessment outlines the findings, while also establishing the gaps between the state of the organization\u2019s current security\/protection, and our recommendations.<\/p>\n

The report clearly indicates if the current approach is adequately keeping the organization safe and secure.\u00a0 Any recommendations for improvement have a detailed outline attached explaining the discrepancy.\u00a0 In addition, one of our technical experts normally walks through the report in person to answer any questions or concerns.<\/p>\n

Ultimately the report creates a roadmap to a secure business, providing evidence to support security program budget allocations and investments. Many of our clients have used the report to design or update their Internet Security policies, develop security awareness training for their staff, or implement periodic security reviews and update security software used within their organization.<\/p>\n

\n\t
\n\t\t\t\t\t\t\t\t
\n\t\t\n
\n\t\t\t
\n\t
\n\t
\n\t\t

\n\t\tConfident with Your IT Strategy?<\/span>\n\t<\/h2>\n\t<\/div>\n<\/div>\n
\n\t
\n\t\t
\n\t

If you found the information in this blog post helpful and you'd like to discuss your business' technology strategy, then we'd be happy to hear from you.<\/p>\n<\/div>\n\t<\/div>\n<\/div>\n

\n\t
\n\t\t
\n\t\t\t\n\t\t\t\t\t\t\tGet in touch with tsi<\/span>\n\t\t\t\t\t<\/a>\n<\/div>\n\t<\/div>\n<\/div>\n<\/div>\n<\/div>\n\t\t\t
\n\t
<\/div>\n<\/div>\n\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/div>\n<\/div>
<\/div>\n","protected":false},"excerpt":{"rendered":"

It may come as of little surprise that security breaches hurt small business much more than larger corporations. According to the National Cybersecurity Alliance, more than 70% of attacks target small businesses.\u00a0 It is also estimated that 60% of hacked small businesses experience devastating economic hardship, leading many to suffer a complete loss, closing their…<\/p>\n","protected":false},"author":2,"featured_media":8478,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[20],"tags":[289,242,129,244,21,290],"acf":[],"yoast_head":"\nUnderstanding Network Vulnerability Assessments | TSI<\/title>\n<meta name=\"description\" content=\"Read this post to learn how cybersecurity breaches critically damage small businesses and what you can do to run effective security assessments.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding Network Vulnerability Assessments | TSI\" \/>\n<meta property=\"og:description\" content=\"Read this post to learn how cybersecurity breaches critically damage small businesses and what you can do to run effective security assessments.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tsisupport.com\/tsistaging\/?p=1746\" \/>\n<meta property=\"og:site_name\" content=\"TSI Support\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-26T15:43:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-07T08:52:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"340\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Roger Murray\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Roger Murray\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746\",\"name\":\"Understanding Network Vulnerability Assessments | TSI\",\"isPartOf\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png\",\"datePublished\":\"2016-10-26T15:43:13+00:00\",\"dateModified\":\"2021-07-07T08:52:40+00:00\",\"author\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9\"},\"description\":\"Read this post to learn how cybersecurity breaches critically damage small businesses and what you can do to run effective security assessments.\",\"breadcrumb\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tsisupport.com\/tsistaging\/?p=1746\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746#primaryimage\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png\",\"contentUrl\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png\",\"width\":1024,\"height\":340},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1746#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tsisupport.com\/tsistaging\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Everything You Need to Know About Network Vulnerability Assessments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#website\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/\",\"name\":\"TSI Support\",\"description\":\"TSI - Technical Support International\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9\",\"name\":\"Roger Murray\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g\",\"caption\":\"Roger Murray\"},\"url\":\"https:\/\/tsisupport.com\/tsistaging\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Understanding Network Vulnerability Assessments | TSI","description":"Read this post to learn how cybersecurity breaches critically damage small businesses and what you can do to run effective security assessments.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Understanding Network Vulnerability Assessments | TSI","og_description":"Read this post to learn how cybersecurity breaches critically damage small businesses and what you can do to run effective security assessments.","og_url":"https:\/\/tsisupport.com\/tsistaging\/?p=1746","og_site_name":"TSI Support","article_published_time":"2016-10-26T15:43:13+00:00","article_modified_time":"2021-07-07T08:52:40+00:00","og_image":[{"width":1024,"height":340,"url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png","type":"image\/png"}],"author":"Roger Murray","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Roger Murray","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1746","url":"https:\/\/tsisupport.com\/tsistaging\/?p=1746","name":"Understanding Network Vulnerability Assessments | TSI","isPartOf":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1746#primaryimage"},"image":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1746#primaryimage"},"thumbnailUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png","datePublished":"2016-10-26T15:43:13+00:00","dateModified":"2021-07-07T08:52:40+00:00","author":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9"},"description":"Read this post to learn how cybersecurity breaches critically damage small businesses and what you can do to run effective security assessments.","breadcrumb":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1746#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tsisupport.com\/tsistaging\/?p=1746"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1746#primaryimage","url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png","contentUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/10\/Header-1140x378-1.png","width":1024,"height":340},{"@type":"BreadcrumbList","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1746#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tsisupport.com\/tsistaging\/"},{"@type":"ListItem","position":2,"name":"Everything You Need to Know About Network Vulnerability Assessments"}]},{"@type":"WebSite","@id":"https:\/\/tsisupport.com\/tsistaging\/#website","url":"https:\/\/tsisupport.com\/tsistaging\/","name":"TSI Support","description":"TSI - Technical Support International","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9","name":"Roger Murray","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g","caption":"Roger Murray"},"url":"https:\/\/tsisupport.com\/tsistaging\/?author=2"}]}},"_links":{"self":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts\/1746"}],"collection":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1746"}],"version-history":[{"count":0,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts\/1746\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/media\/8478"}],"wp:attachment":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}