Should We Be Performing A Network Security Scan?
By: Bruce G. Kreeger
A network security audit helps to determine how effectively network security resolves underlying security issues. Network security audits are critical to understanding how well your organization is protected against security threats, whether internal or external. A network security audit is part of an overall information systems audit framework that also includes an application software audit, an operating system audit, and a business audit.
The network security audit must be reviewed from two aspects. The first is static data, such as protocols used, system definitions, password rules, firewall definitions, and the like; the second deals with the activities that have taken place. Modifications of files, transfers of files, access to databases, and when and where users log on are just some of the more common items reviewed in the network security audit.
At Clarity, our Security Audits are based on industry-accepted standards such as BS7799:
1. BS7799 was a standard originally published by BSI Group (BSI) [1] in 1995. It was written by the United Kingdom Government’s Department of Trade and Industry (DTI) and consisted of several parts. The first part, containing the best practices for Information Security Management, was revised in 1998; after a lengthy discussion in the worldwide standards bodies, it was eventually adopted by ISO as ISO/IEC 17799, “Information Technology – Code of practice for information security management,” in 2000. ISO/IEC 17799 was then revised in June 2005 and finally incorporated in the ISO 27000 series of standards as ISO/IEC 27002 in July 2007. BSI first published the second part to BS 7799 in 1999, known as BS 7799 Part 2, titled “Information Security Management Systems – Specification with guidance for use.” BS 7799-2 focused on how to implement an information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. BS 7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.
We also follow COBIT:
2. COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. [1]
The framework defines a set of generic processes for IT management, with each process defined together with process inputs and outputs, key process activities, process objectives, performance measures, and an elementary maturity model. [1]
3. We adhere to legal requirements specific to the industry and country. The auditing approach is designed to cover all security aspects, including People, Processes, and Technology. Our consultants are certified professionals with all the relevant security certifications, such as CISSP, CISA, and ISO 27001.
4. Clarity’s primary compliance model is based on an ISO/IEC 27001 compliant Network Security Scan.
Clarity’s Audit Process bases the audit on the nature of data handled by the network and the level and extent of security required, as specified by the overall corporate network security policy.
The audit process entails a thorough review of the network, including the system architecture, the use of software and hardware, the relevance of the tools used to perform specific actions, the connections to external networks, access control and privileges for users, the nature of checks and balances in place, and more.
A periodic network security audit is indispensable for the smooth and seamless functioning of networks. In an increasingly connected world, where businesses’ very existence depends on real-time interactions with suppliers, customers, and others, this becomes a fundamental exercise to protect business-critical information.
Clarity is proud to have been providing Network Security Services, including Network Security Assessments and Firewall Systems, to the Americas for many years, including clients worldwide, offering our unified communications platform. Clarity Technologies Group, LLC surpasses expectations.
Call Clarity at 800-354-4160 today or email us at [email protected]. We are partnered internationally around the globe, and we are open seven days a week, 8:30 AM to 5:00 PM EST/EDT.