Network Security Audit and Testing — Key Components of a Network Security Assessment

A comprehensive Network Security Assessment includes Network Security Audit and Network Security Testing. More specifically, LOCKNET provides the following services:

• Network Vulnerability Assessment
• Network Penetration Testing

• Physical Security Assessment
• Social Engineering

Network Security Testing Helps Keep Your Network Secure

A Network Vulnerability Assessment is a study to locate security vulnerabilities. Network Security Testing may be focused on the security process or the information system. It may also focus on different aspects of the information system, such as one or more hosts or networks.

Network Vulnerability Assessments identify areas for improvement for security threats and malicious attacks from outside sources, and identifies corrective actions. This is the first step in completing a Network Security Audit.

Network Security Testing Simulates Attacks

Network Security Testing, which includes a Network Penetration Test, subjects a system to the real-world attacks selected and conducted by the testing personnel. The benefit of a Network Penetration Test is that it identifies the full extent to which a system can be compromised before the attack is identified, and assesses the response mechanism’s effectiveness. Network Penetration Tests generally are not a comprehensive test of the system’s security, and should be combined with other independent diagnostic tests to validate the effectiveness of the security process.

Physical Security Assessments Identify Building Risks

A Physical Security Assessment is a comprehensive evaluation of the non-technical part of information security. This includes a thorough inspection of the building and work areas to identify physical security risks.

Social Engineering Testing Identifies Customer Communication Risks

Social Engineering is another form of Network Security Testing. It involves the art of gaining information from people by appearing authorized or authoritative to employees to gain physical access to computer systems and other confidential information. Obtaining information may happen either in person or over the phone, and typically involves information requests from employees to see what can be revealed, especially when employees are not following company procedures or providing confidential information to people outside the institution.