IT Health Checks
An IT health check is a security audit of an organisation's IT systems, usually involving penetration testing of the client's systems from a range of attacker perspectives and scenarios. For more information about IT health checks performed under the government's CHECK scheme, see CESG CHECK Service Providers. An IT health check will assess whether vulnerabilities exist in target systems and networks which could affect the confidentiality, integrity and availability of the data stored within those systems and networks. Typically this will involve a security review of multiple areas to gain an overall picture of the security posture of an organisation.
These might include a combination of internal and external (Internet-facing) network pen testing, wireless testing, server build reviews, firewall rulebase reviews, database security audits, social engineering and web application pen testing. The results of the IT health check are then compiled into a report with sections identifying security vulnerabilities in each component of the test. Health check reports have an executive summary for a non-technical audience, followed by the technical details of the vulnerabilities identified and how to remedy them.
A health check of your IT systems can help to answer the following questions (amongst others):
- Can a hacker on the Internet gain access to your IT systems?
- Can a competitor hack into your networks?
- Can an internal employee gain access to sensitive information on your network?
- Can an attacker with access to your Internet-facing systems access internal networks?
- If a laptop were stolen, could information be retrieved by an attacker?
- Can outsiders hack into your wireless networks?
Since an organisation's security posture is continually changing, IT health checks are best undertaken as a regular activity to ensure that changes to critical network infrastructure and web content have not introduced security holes which could be exploited to gain access to your network. ReactionIS offers industry-leading, cost-effective IT health check and penetration testing services at competitive rates. Our consultants have decades of experience in penetration testing and ethical hacking.
Annual IT health checks are essential in many regulatory standards, including PCI, ISO 27001 or GSI/GCSX/GSX CoCo (code of connection) compliance. ReactionIS currently work with many clients to help secure their information assets and assist with compliance with regulatory standards.
Please get in touch for more details.