Overview
In recognition of the increased threat to sensitive corporate data, Technology First offers advanced assessments in risk identification and mitigation.
Our assessments, conducted by highly qualified and experienced consultants, take a holistic view of the risks to an organisation's information assets, covering the technical, procedural and human elements of Information Security. Results are presented in a clearly written report consisting of an executive summary and technical assessment with prioritised action items.
Our consultants combine multiple years of Information Technology and business management experience with internationally recognised security certifications to ensure clients receive exceptional value from our services. Certifications held include CISA, CISSP, ISO 27001 lead auditor, and CPTS covering information technology auditing, security management, international best practice and penetration testing.
We have an extensive range of public and private sector reference customers from sectors such as healthcare, education, telecom, manufacturing and information technology.
Perimeter Assessment
Assuming limited knowledge of the environment, we use a structured methodology to assess the external perimeter of the organisation in the same manner that a sophisticated external attacker would. The four-phase methodology progresses from initial Information Gathering using Internet-based resources through Network Scanning, Vulnerability Research, to Exploitation of vulnerabilities and circumvention of security mechanisms.
Our assessments cover the following:
- Network and Host Enumeration
- Network Scanning and Probing
- Vulnerability Investigation
- Exploitation of Vulnerabilities
- VPN Testing
- Firewalls and Filtering Routers
- Web Services
- E-mail Servers
- War Dialling
- Remote Access Testing
Internal Assessment
Our internal assessment provides a comprehensive view of the status of internal controls around the Confidentiality, Integrity and Availability of systems and data. This involves assessing security management practices, deployed technology, device configurations, physical security measures, business continuity and incident response capability.
Possible internal security risks examined include:
- Policy and Procedures
- Internal Hacking
- Vulnerability Scanning
- Network Devices
- Servers
- Password Security
- Active Directory
- E-mail Protection
- Firewalls