Security Assessments

Locking the door but leaving the windows wide open.

You're only as secure as your weakest point. In your complex organization, potential weak points abound. Only an independent, verifiable assessment of your infrastructure, applications, and loss recovery and security procedures can identify the hidden risks that leave your organization wide open to intrusion and regulatory non-compliance.

  • Zones partners with your security team to identify & prioritize critical vulnerabilities and risks for remediation
  • Compares against industry-standard benchmarks
  • Delivers recommendations on where to prioritize your resources and level of effort to remediate
  • Provides a step-by-step framework to help enhance your security posture based on your goals or compliance requirements

Network Risk and Vulnerability Assessment

Assess your network for potential risks through an analysis and review of your network and infrastructure systems including network topology, perimeter security, servers, and desktops.

  • Identify, categorize & prioritize present vulnerabilities that can be exploited.
  • Identify gaps in policies, procedures or regulatory compliance requirements.
  • Identify network deficiencies and correlate them to practical solutions.
  • Uncover specific security threats that may require penetration testing.

Data Loss Prevention Risk Assessment

Gain a comprehensive understanding of where data resides in the infrastructure and who has access to it. Identify potential threats and risks, and how best to protect the environment from exploitation or data leakage.

  • Classify existing unstructured data by file type, age, usage and value to business
  • Gain insight into data aging, access patterns, and true data ownership.
  • Evaluate security policies by reviewing permissions for stored data.
  • Identify the current and ideal state of your data loss prevention program.

Penetration Testing

Penetration testing provides the client with the opportunity to reduce the risk of data loss via external threats. Penetration testing is used to validate security monitoring and assess the company's current incident identification and response procedures. This is a blind intrusion test that will assess the ability of the network to detect and respond to a potential attack from both inside and outside the physical network.

  • Review of network, operating system, application and endpoint security measures.
  • Assess the magnitude of potential business and operational impacts of successful attacks.
  • Enable compliance with industry-driven regulatory requirements
  • Provide evidence to support increased investments based on external, internal, or website application penetration testing.

Application Security Assessment

The Application Security Assessment identifies vulnerabilities in web applications and commercial applications, including the risk of unauthorized access to critical data, intellectual property and application functionality. This assessment is designed to meet the best practices for application security, including compliance with industry regulations like PCI, HIPAA and Red Flag.

  • Probe, identify and exploit systems with manual techniques and automated tools.
  • Attempt to escape the network and application boundaries of the systems.
  • Attempt to gain unauthorized access to systems connected to the web application.
  • Run black box unauthenticated and authenticated testing using roles and workflows.
  • Evaluate source code, infrastructure, operating systems, and application functionality.

HIPAA Security Assessment

The Zones HIPAA Security Assessment is an in-depth appraisal of your organization's adherence to existing HIPAA policies and industry best practices. It identifies areas of weakness or non-compliance and provides a comprehensive roadmap to achieve and maintain compliance.

  • Understand gaps in regulatory compliance requirements.
  • Identify weaknesses in existing policies, procedures and standards.
  • Use the risk analysis prepared by experienced auditors to develop countermeasures in three areas (people, process and technology) for HIPAA Security Rules requirements.
  • Receive a robust remediation project plan with dated documentation of your compliance and remediation efforts, related notes, and documents

PCI DSS Gap Analysis and Compliance Audit

Our PCI DSS Gap Analysis is designed to help clients identify where gaps in their security infrastructure are, prior to a full PCI DSS risk assessment. Our assessment services identify and scope the requirements for PCI compliance as they relate to the organization, its agencies, merchants and service providers.

  • Review of education and training of all stakeholders, network architecture, plus network and application security features.
  • Identify gaps in operational procedures, policy documentation and technical vulnerabilities as they relate to compliance requirements.
  • Receive a robust recommendations report to fix gaps that would impact a full SAQ or QSA review