IT Security, IT Network Security, and Risk Assessment
Sample risk assessment, security assessment, and IT management projects completed by Aporia Solutions in Houston, Dallas, and Austin:
1. In-house Core Processing / ERP Security Assessment included:
- Security Management & Administration
- Corporate Policies & Standards
- Roles and Responsibilities
- Operational Policies and Procedures
- Security Administration Policies and Procedures
- Backup and Disaster Recovery Policies and Procedures
- System Configuration
- Access Controls
- File and Library Protection
- Reporting, Auditing and Monitoring
2. Change Management Audit
Aporia’s approach to this audit was to:
- Review Application acquisition process and standards;
- Review change control policy, procedures and practices;
- Review license and maintenance contract;
- Review work relationship between vendor manager and internal IT staff;
- Review process, procedure and practice for:
  - Requirement definition of patches
  - Risk assessment of patch implementation
  - Testing of patches and test environment
  - Implementation of patches in production;
- Review data integrity management;
- Review sign-off process and practice; and
- Develop report and work papers.
Duration of the project was 7 weeks. The Aporia team was responsible for the entire project.
3. Penetration Test
Aporia conducted an External Vulnerability Assessment (commonly called a Penetration Test) to assess the external network perimeter, Internet risks, and potential problems. Aporia tested the institution’s network perimeter from outside the client’s network to identify vulnerabilities on the client’s IP addresses. This network-level assessment included:
- Testing perimeter with multiple tools
- Manual Investigative Test of network perimeter
- E-mail Server Vulnerability Assessment (as appropriate from the outside)
- Assessment of Intrusion Detection Systems
- Assessment of Intrusion Prevention Systems
- Anti-Virus Assessment (as appropriate from the outside)
- Social Engineering Test (email penetration)
- Security Holes, Warning and Informational listing
- Web Site Vulnerability Testing
- Remediation steps to address the security holes
Duration of the project was 7 weeks. The Aporia team was responsible for the entire project.
4. Information Technology Internet Access, Use, Control and Security Audit
As part of this audit the Aporia team:
- Reviewed internal controls of Information Technology (IT)
- Conducted risk assessment
- Tested compliance
- Tested effectiveness and design of key IT controls
- Tested controls in place to see if the actions are blocked or logged
- Reviewed the three user groups that have Internet access and verified that their members have been authorized
- Reviewed enforcement in cases of breaches of the policy governing Internet access
- Developed report and work papers
Duration of the project was 6 weeks. The Aporia team was responsible for the delivery of the entire project.