Assessments are part of the risk management lifecycle. As a result of assessments, priorities can be assigned to remediation actions and their execution. Ascure offers a specific program, the Ascure Assessment Program (AAP), which consists of 4 pillars:
- Logical assessments
- Physical assessments
- Social assessments
- Strategic assessments
Ascure is able to establish an assessment framework within your organization, assist in coaching the audit department and establishing the different assessments, and execute specific tests. The following table provides an overview of the tests that can be performed:
Logical:
- Vulnerability assessments (network, application and system level)
- Intrusion testing (external, internal, web applications, database systems...)
- System analysis (servers, workstations, network components...)
- Code reviews
- Architecture reviews
Physical:
- Getting physical access to your organization
- Product hardware intrusion testing
- Product hardware design review
- Access restriction mechanism test
Social:
- Exploiting the human factor to get access to your important assets.
Strategic:
- Business impact analysis (BIA)
- High-level risk management analysis (HLRA)
- Gap analysis between your current situation and regulations, standards (ISO27002, CBFA circulars, PCI Standard...) or a to-be situation.