Overview
Enterprise Security Audit
The Enterprise Security Audit (ESA) is an audit of IT operations from a cybersecurity perspective. It is based on the Center for Internet Security Critical Security Controls. It is a critical first step towards achieving a secure and mature enterprise environment. We recommend this service first.
Many cybersecurity organizations will gladly run a “security scan” and then deliver a lengthy, incomprehensible report. While this may satisfy a compliance requirement, it does little to actually ensure the security of your network. Cybersecurity extends through multiple domains. We understand all of the areas involved and work with your team to ensure a comprehensive assessment for all of your cybersecurity needs.
Highlights
- Highly trained and certified team
- Proven methodology
- Clear & concise reports with prioritized, actionable items
- Discounted Rerun Option for a rerun of the audit after you fix identified problems
Deliverable
- Report
- Report Findings Review with your team via an online session
Guarantees
If we do not find at least one vulnerability with a risk rating of Low or greater, we will refund 100% of your money, minus any incurred expenses.
Our ESA covers the Top 20 Critical Security Controls, but focuses on the Top 6 Controls, known as the Basic CIS Controls. Roughly 90% of attacks are successful because organizations do not have a grasp on these Top 6 Critical Security Controls. These first six controls help develop immediate and effective defenses against threats of cyber-attack. These controls consider the following questions:
- Do we have hardware assets inventoried? Do we know how systems are interacting with each other?
- Do we know what software is running (or trying to run) on our systems and networks?
- Are our Vulnerability Management and mitigation practices cyclical, effective and commensurate with the threat landscape?
- Are we limiting and tracking the people who have the administrative privileges to change, bypass, or override our security settings?
- Are we using secure configurations for hardware and software on all organizational assets?
- Are we collecting, maintaining, monitoring, and analyzing our audit logs?

The people, processes, and technologies should all be assessed to ensure you have a cybersecurity posture appropriate to your risk tolerance. Many organizations focus on the technical aspects of cybersecurity and ignore the policies, processes, and procedures. Our ESA helps identify deficiencies in these areas.
In addition to making you more secure, our ESA Documentation Review helps you with the documentation required for compliance audits, such as PCI DSS, HIPAA, NIST, and FISMA.
After our ESA you will have in your hands a prioritized list of recommendations that are based on real and timely threat intelligence, rather than antiquated best practices. Our report removes the “fog of more” and simplifies the steps required to achieve a secure environment.

You get three items:
- ESA Report
- ESA Report Findings Review with your team via an online session
- Discounted Rerun Option for a rerun of the ESA after you fix identified problems
Sample graph from the ESA Report, showing the Critical Security Control compliance breakout by category
1. ESA Report
After the ESA is completed, we provide a comprehensive findings report that outlines the areas you need to fix to improve security. The Enterprise Security Audit Report is used to identify areas in your enterprise environment that can be improved by the implementation of the Critical Security Controls. Included within this report are scorecard results, helpful examples, recommendations, and an appendix of references. Overall, the report provides a baseline from which you can improve your security posture using tangible steps in a prioritized, risk-based manner.
2. ESA Report Findings Review
We schedule an online session with you where we walk through the report with your team and answer any questions about the findings, our methods, or the steps required for remediation. Many competitors deliver a confusing, lengthy report at the end of the engagement for you to decipher. Our ESA report review adds tremendous value because we can clarify findings and remediation steps.
3. Discounted Rerun Option
How do you know the steps you took to fix our ESA report findings actually met the audit requirements? Validation removes the guesswork. When you’re ready, after addressing the issues identified in the ESA report, we offer a deep discount to rerun the ESA audit. This is a crucial and often overlooked step in this process. Validating documented processes, procedures, policies, and security controls is extremely important. We have discovered numerous organizations that thought they fixed a finding we identified, only to discover after another audit that the finding was still there.
