Who Conducts the Assessment?
Seasoned information security professionals. Innotech performs hundreds of these assessments annually; each customized to the organization we assess.
What Regulatory Organizations Require or Promote this Type of Assessment?
- GLBA (Banking)
- NCUA (Credit Unions)
- HIPAA (Healthcare)
- SOX (Financial)
- PCI (Credit Card)
- SSAE16 (SOC 2)
How Exactly is Internal Vulnerability Assessment Done?
A Review of the Network Architecture and Management Practices
- Network Connectivity
- Remote Access
- Directory Services
- Servers and Storage
- Logging and Alerting
- Vulnerability Management
- Backup and Disaster Recovery
Vulnerability Scanning on the Internal Network
- Tests for password policies, system permissions, required auditing and system settings that are common in all networks
- Tests for user auditing settings, such as their password complexity and logging access failures and logons that are common in all networks
- Tests conducted against a database of 47,000+ known vulnerabilities
- Tests for the existence of sensitive files and data leakage
- Tests against known good configurations
Analysis of the Collected Vulnerability Data
- Risk analysis and quantification
- Removal of insignificant data from results
- Prioritization of the risks identified
- Recommendations for remediation and ongoing maintenance
How do I Get a Quote?
Talk to Innotech to make sure this is the right kind of testing for you as there are many different types of this testing that you may need to consider. Have ready the number of workstations, users and staff on your network.