Architecture Review

Information technology systems are typically complex solutions that include various technologies and products, implemented over time with components added as new needs arise.  In order to identify security weaknesses and vulnerabilities, Secure Ideas recommends performing a security assessment to obtain a complete understanding of the environment.  Unlike a penetration test, which is adversarial and invasive, a security assessment is a cooperative exercise in which Secure Ideas works with the client’s staff to review each component of the environment, evaluating the architectural design and controls that encompass the overall security posture.  Topics covered in security assessments reviews generally include but are not limited to:

  • Authentication & Access Control
  • Encryption and Key Management
  • Security Policy Enforcement
  • Password Management
  • Security Event Logging
  • Intrusion Detection/Prevention Systems
  • Firewall Configuration and Policies
  • Operating System Configuration

Secure Ideas will perform an analysis of technical architecture by reviewing documentation and conducting interviews. The interviews will focus on understanding designs and the reasons for various design decisions.  Each interview will consist of one Secure Ideas staff member interviewing client personnel for between 60 and 90 minutes via phone conference call. 
 
Secure Ideas will evaluate the security of the client’s systems, and will provide a report which will include findings, vulnerabilities, and concerns associated with the infrastructure and applications, together with real world, practical recommendations for improving the security of the systems and procedures.