Posts Tagged ‘Test de sécurité interne’

February 11th, 2011

IT threat: Managing disgruntled employees

If you are wondering what the difference is between an external and internal pen test is or what the benefits of an internal test are, this excellent article might shed some light on those question for you.

« While it’s commonplace to fear hackers, we are now being told to worry more about internal security than external; that our own people are a greater threat than outsiders. The people on the inside aren’t more hostile, they just have more access. Realistically, the vast majority of employees from your organization are well-meaning, honest people. Your company is far more likely to be a victim of an “oops” than an attack by a determined and hostile insider. An insider could access private and/or sensitive information. How do you manage a situation where a trusted insider has gone rogue? » The rest of the article here.

If you have interested in having an internal security test done on your infrastructure, email info@virtualguardian.ca.

March 9th, 2010

Internal security test

A security test is the most effective way to test the limits of any system. The internal security test simulates an attack from an internal source such as a malevolent employees with or without the necessary credentials to roam the company’s IT network. Which systems or what data could potentially be compromised by such an act and could the company’s reputation be affected? The results of this test will give you a very clear vision of your systems strengths and weaknesses enabling the company to make a better judgment call regarding resource allocation to resolve the situation.

Objective:

To verify the integrity of the systems in place and to recommend suitable corrective measures and or improvements.

This test consists of:

  • Examination of the IT policies and procedures
  • Systematic examinations of the company’s IT infrastructure
  • Evaluation of the network’s architecture
  • Complete analysis of the network using the OSSTMM and/or ISO 17799 methodologies

This test includes a “Vulnerability report”, which includes :

  • A fully detailed assessment of each of the vulnerabilities discovered on your systems with details and references. Each vulnerability will also be associated to a level of risk inherent to the severity of the breach.
  • Recommendations in order provide adequate and thorough solutions to the problems arising from the vulnerabilities discovered. The recommendations are adapted according to the type of network and the industry’s best practices.
  • An executive summary in layman terms.
  • Presentation and explanation of the report.

For further information, feel free to contact us.

Download the PDF version