Health checks are used to assess an organisation's exposure to IT threats and provide recommendations based on the outcome of detailed vulnerability analysis.
Routine vulnerability assessments are critical to an organisation's ability to identify and mitigate current cyber security threats to their IT environment. Vulnerability assessments consist of using specialist tools to scan an organisation's IT infrastructure to detect security weaknesses and flaws that can be rectified through maintenance and process review.
The vulnerability assessments consist of the following:
- Routine system checks
- Internal scans of an organisation's infrastructure including infrastructure patch levels, malicious software detection, anti-virus update levels
- External infrastructure scanning
- Current high-level security state and threat level reporting
- In-depth technical reports for IT teams
- Identification of organisation's data which is exposed to the public
- Logical and physical securities control assessments
- Open source intelligence gathering
Penetration tests are the second stage in the health check service offering and allow Mazars to demonstrate a client's state of vulnerability to IT threats by simulating cyber attacks against an organisation's IT environment. The Mazars InfoSec team will attempt to probe and breach a client's security infrastructure to discover and analyse any weaknesses in their cyber-defences and provide recommendations to mitigate any related risks.
The penetration testing phase includes the following elements:
- Incident response testing
- Internal/External vulnerability exploitation
- Social engineering attempts
- Logical and physical access tests
- High level reports
- Technical reports of IT teams