Security Assessment & Testing

Security assessment is the process whereby management is informed that the controls they have stipulated to mitigate their technology security business risks are in place, functioning as intended and can be relied upon. FDC Associates is expert in providing management with these assurances.

We can execute a test plan that is created by your organization, or create a test plan based on our own assessment of your security measures. We create our reports and workpapers to communicate and document these tests to your specifications. You retain workpapers for reference purposes.

Your security assessment needs are defined when you identify each business risk and map the critical component or control needed to mitigate that risk. When your firm has compliance needs for the GLBA Privacy Act, HIPAA or the California Law on SSN [California Civil Code 1798.85 & 1798.86], you must provide assurances to third parties or regulators that you have taken reasonable measures to address your firm's burden under these laws.

Addressing individual compliance and regulatory areas takes resources away from other business needs. Ask us how we can leverage your firm's security testing needs so that a single set of tests can satisfy your need for internal control assurance as well as the regulatory aspects of those internal controls.

Our comprehensive approach to security is layered and driven by the business risks of your unique technology configuration. Starting at your telecommunication perimeter, we observe the network configuration, firewalls and intrusion detection/prevention measures and assess their functionality. Moving closer to your data, we then observe and test your anti-virus software. That being done, we move on to the network access security settings and the administration process that limits access to sensitive data to those employees who need it for their job, and limits where they can download and store this information once accessed. Finally, the security settings over the machine that actually stores the data need to be tested. We are expert in the full line of server and mainframe security. We assess and test platform security configurations for OS/390 and z/OS with Unix (USS) services as well as z/VM, RACF, TSS and ACF2 [including the subsystems TSO/ISPF, JES2, VTAM, DB2, IMS and CICS], AS/400 and iSeries, Windows OS, and underlying database handlers such as Oracle/SQL.

We believe that both network access and native computer platform security settings need to be hardened and tested to stay ahead of the attack vectors from people outside and within your firm.

A policy review that clearly defines security incidents, and how and when they are to be escalated or ignored, is also part of the mix. What happens when the unthinkable occurs? How would your firm react to a security breach? Would they make the "right choices"?

At FDC Associates, enterprise security assessment and testing is our primary business activity. We can address all of your enterprise security needs, including:

Risk Assessment and Security Planning
Security Policy Review and Creation
Security Architecture design and testing
Security Assessment, IT Audits and testing
Security change management process audits and testing


For more information, complete an Information Request or Contact Us.