Ethical Hacking
What is an ethical hacker?
An ethical or "white hat" hacker is an excellent way to analyze your
systems vulnerabilities from the outside. Companies are
electronically attacked daily. One only need read the technology
headlines on any major web site to see how serious this issue has
become in our computer reliant world. And the hacking attempts
don't just come from the outside. It is estimated by the CSI/FBI
that 60% of all computer crime attempts are committed by internal
employees. For this reason all of your systems need to
be as secure as those you place on the Internet.
How does Information Risk Group perform its analysis?
Information Risk Group proprietary Attack and Penetration Methodology
(APM) is designed to provide maximum results with minimum system
impact. Working closely with the your staff, our security team
attempts controlled penetrations of your networks and other points of
access. Controlled penetrations are designed to due no harm
to your systems. If at
any time either IRG believes that a system or network may be placed in
an
unstable state, IRG will request specific permission to continue before
moving
forward with the attack from the customer. This ensures maximum
uptime
for your systems and prevents outages that may affect your companies
customers.
The following 4 steps outline how IRG performs this service.
- Identify and Confirm - Systems to be assessed to
ensure we are working solely with the systems outlined in the contract.
- Externally Assess each system through a "footprint"
analysis.
- Attempt targeted penetration and intrusion on
discovered networks, systems and applications.
- .Verify and report on all findings
What results can you expect?
Information Risk Group staff remains in contact with the customer
throughout the entire engagement. In the event a serious
misconfiguration or vulnerability is discovered it will be immediately
reported to the customer for remediation. All findings are
verified to the best of our ability to prevent "false positive"
reporting. IRG also rates each finding
on two levels: ease of repair and difficulty to perform exploit.
This
allows you to concentrate on which problems you can fix given your
resources.
Please contact us with any questions you may have on this subject or
any other service Information Risk Group offers.
Information Risk Group LLC
3220 Henderson Blvd.
Tampa, FL 33609
E-mail: inforisk@inforiskgroup.com
Offering Information Security and Risk Management services to
companies throughout the Americas.
|
