Security Audit

The main purpose of a security audit is to discover weak points in the architecture of your IT infrastructure. Such weaknesses quite often remain undiscovered after a penetration test, as the main purpose of penetration test is to bypass existing security mechanisms, but not to check the entire architecture. Good examples of problematic areas include local antivirus policies, user privilege separation, backup storage and information encryption.

Our security audit includes assessments of:

  • Network Architecture and Configuration;
  • Hardware Firewalls and Routers Configuration;
  • User Authentication and Access Management;
  • Updates and Patches Management;
  • System Configuration;
  • System Services and Applications Configuration;
  • Antivirus Software Management;
  • Confidential Data Handling and Encryption;
  • Backup System Management;
  • Local Security Policy Review;
  • Presence and Qualification of Internal Incident Response Team;
  • Physical Security.

Our comprehensive security audit will discover vulnerabilities and weaknesses in your infrastructure. Our documented results will identify the IT threats and risks, including business processes, for their reduction and elimination.

Penetration Testing

A security penetration test is a simulation of a hacker attack on a network, system, application or website, used to discover existing vulnerabilities and weaknesses before hackers find and exploit them. In other words a penetration test is an independent security evaluation of your IT infrastructure.  This is sometimes called "ethical hacking".

Mighty Oaks' CISSP security experts use penetration testing methodologies and standards. Each vulnerability discovered during our penetration testing will be assessed, prioritized, and come with an appropriate recommendation on how to eliminate it.

Upon completion of our penetration testing, the client will be provided with two levels of reports, a summary report suitable for management that describes the work done and recommendations at a high-level, and a detailed report that details the performed work, the details of the identified vulnerabilities, and the proposed recommendations to improve security.
Security Platforms