Know your Environment!
Information technology systems are typically complex solutions that include various technologies and products, implemented over time with components added as new needs arise. In order to identify security weaknesses and vulnerabilities, Secure Ideas recommends performing a security assessment to obtain a complete understanding of the environment. Unlike a penetration test, which is adversarial and invasive, a security assessment is a cooperative exercise in which Secure Ideas works with clients to review each component of the environment, evaluating the architectural design and controls that encompass the overall security posture.

Our Goal
Interview Topics
A security assessment allows Secure Ideas to perform an analysis of technical architecture by reviewing documentation and conducting interviews. The interviews will focus on understanding a client’s design and the reasons for various design decisions. Each interview will consist of one Secure Ideas staff member interviewing the client’s relevant personnel for between 60 and 90 minutes via phone conference call, or in some cases, onsite at a suitable client location. Topics covered in security assessment reviews generally include:
- Authentication & Access Control
- Encryption and Key Management
- Security Policy Enforcement
- Password Management
- Security Event Logging
- Intrusion Detection/Prevention Systems
- Firewall Configuration and Policies
- Operating System Configuration


Testing Credits
Shifting left is critical to the continued security of organizations. Most development is made better by moving security earlier in the process. But the traditional penetration testing of web applications and APIs doesn't fit well in the earlier stages of the software development lifecycle (SDLC).
Secure Ideas has created a process of testing credits to help solve these issues (especially when paired with SASTA). An organization can purchase credits to use over the next 24 months. Combined with a self-scoping system, these credits allow an organization to work with Secure Ideas within their development processes.
Scoping
Secure Ideas’ pricing for this service is determined based on the size of the organization, the number of relevant IT personnel and departments needing to be interviewed, and the amount of documentation to be analyzed. The following is base pricing for a security assessment, but scoping discussions are paramount in determining the effort required.
Size of Organization | Price range
---|---
Small | $14,400
Average | $19,200
Large | $24,000