Assessments

Pinpoint vulnerabilities, define compliance standards and identify social engineering attack gateways with our cutting edge assessments.

A lean security review will identify common, often easy-to-fix security problems. Once those are addressed, however, it is wise to take a more intimate look at the potential flaws that may exist within your environment. Our experienced staff has performed numerous security assessments for organizations of all sizes and have, on multiple occasions, identified security holes that could have led to major data breaches for those companies.

While most security consultants utilize similar state-of-the-art technologies to perform assessments, we stand above and beyond our competitors because we combine that technology with years of experience and the “part of your team” mentality. We want you to understand the “how,” “what,” “where,” “who,” “when” and “why” of your potential security issues and the environment in which they exist. We are aware that not every flaw is fixable and when those cases are identified, we work with you to determine alternate methods of protection.

Types of assessments we offer

  • Network Vulnerability
    This offering consists of an assessment of all devices accessible on your network. Systems are analyzed for all versions of operating systems and applications. If credentials are supplied, the accuracy of the assessment increases and configuration analysis also becomes possible. The complexity of this assessment grows with the number of IP addresses and network segments in use.
  • Web Vulnerability
    A web vulnerability assessment analyzes web servers and the applications running on them. Because of the immense popularity of the web, attacks have now shifted to abusing web architecture. Since these issues are not detectable with a traditional network vulnerability scan, a web vulnerability scan is required. The scoping process focuses on complexity of design and the ability to run long-term tests.
  • Public Data
    Going deeper than a basic public data review, this assessment focuses on data leaked by former employees and how additional private information might be lost, purposefully or accidentally, in the future. Multiple sources are leveraged in this analysis and the information discovered is prioritized against business goals.
  • Strategy
    A strategy assessment directly feeds from other assessments. Once we understand your current IT infrastructure and planned security projects, we can identify gaps and build a mutli-year plan to efectively improve your security posture. This is often combined with network and web vulnerability assessments, but can draw from others as well.
  • Compliance
    A compliance assessment considers the regulations affecting an organization and provides an idea as to how compliant the organization is. To reduce cost, it does not cover every requirement, but focuses on the most common issues. If you require them, however, full-scale assessments are available. Common compliance assessments include PCI, HIPAA and FDIC audit preparation.
  • Social Engineering
    Social engineering attacks involve your technology, but their true targets are your employees. Assessing susceptibility to social engineering is very different from other assessments. Due to this, RJS has partnered with the experts at Social-Engineer.com to provide the best social engineering assessment available, but within the Lean Security model. It truly is the best of both worlds.
  • Database Vulnerability
    This analysis focuses on specific database technologies like Oracle or Microsoft SQL Server. Common configuration problems are detected at several layers – from network to operating system to database-specific controls.