• Introduction
• Strategic IT Consulting
• Identity & Access Management
• Security Assessment
• Introduction
• Social Engineering
• Computer & Network Forensics
• Technical Security
• Security Auditing
• Ethical Hacking
• Secure Wireless
• Secure Infrastructure
• Application Development
• Managed Services

Potential impact factors include:

• Loss of Business/profit
• Loss or disruption of service
• Loss or corruption of data
• Potential for Fraud
• Revenue Assurance
• Brand Damage
• Indemnity
• Breach of Confidentiality
• Legal or Regulatory Exposure (e.g. Data Protection)
• Where applicable, non-compliance to standard (ISO-27001, Sarbanes-Oxley, PCI-DSS)

When devising strategy and deploying solutions, it is important to understand that not all security weaknesses are technical and to manage the risk associated with the bigger picture. Using a threat based approach, the Ward Solutions security assessment takes a broad view assessing both the technical and non-technical risks to provide you with a well-informed view of your security posture.

Threat based Risk Assessment combined with our vulnerability and penetration testing capabilities make Ward Solutions the most comprehensive Security Assessment available on the market and enables you to gain a well-informed true view of your security posture.

The approach taken by Ward Solutions is to first understand the Scope, Business Environment and Customers perceived threats. The scope of the Security Assessment may be a specific application, the internet perimeter, your overall company business, or defined as part of the engagement. A thorough understanding of the Business Environment is then obtained, including Core Business Functions, nature of the data and its sensitivity, high value assets and the perceived threats to the environment. Both technical and non-technical risks are assessed.

For technical assessment, information required includes network architecture, device and server inventory, software inventory, database inventory, software flows, security controls including firewall rule base currently in place, connections to business partners, WAN Links, interconnection between internal and external systems and other relevant information as required.

Non technical information gathered includes descriptions of working practices, copies of all company security policies, procedures, standards, personnel security and training, media storage backup and removal and any other relevant information,

If warranted, a Ward Solutions Technical Penetration test may be encompassed into the assessment. All issues are analyzed and assigned a perceived severity. The perceived severity is derived based on a combination of the potential impact should the event occur and the likelihood of the event occurring.

The outcome of the security assessment is documented in a comprehensive report. This report details the Key Findings in addition to a table of issues found, detailed steps on how to resolve each issue, and the perceived severity. Each issue/risk is identified with a unique tracking number. The report is presented to the client and also informal discussions held to ensure a full understanding of all issues.