ENTERPRISE SECURITY ASSESSMENT

WHAT IS AN ENTERPRISE SECURITY ASSESSMENT?

The Enterprise Security Assessment enables you to measure and level-set your organization’s current security posture, which can serve as a baseline for future assessments. If your company is a veteran at annual security assessments, RedLegg provides cutting-edge threat intelligence, network enumeration, threat modeling, and both manual and automated application testing, which many other security service providers fail to provide. RedLegg also offers cybersecurity awareness evaluation and training for personnel handling confidential information.

RedLegg's Enterprise Security Assessment traditionally offers a combination of a NIST Gap Assessment, penetration testing or vulnerability assessment, and a phishing campaign to measure your organization's current security posture.

BENEFITS

Benefits of an Enterprise Security Assessment performed by RedLegg include:

INSIGHT:

Gain insight into many of the current risks within your enterprise by identifying shortcomings in your existing security program.

EFFICACY:

Prioritize the biggest threats to the organization and strategically plan a roadmap to better safeguard your organization.

PROACTIVITY:

Reduce the impact and likelihood of a successful breach and data exfiltration by testing and securing your organization.

COMPLIANCE:

Show customers and stakeholders your commitment to securing and protecting the most valuable assets against various threat actors.

GAP ASSESSMENT METHODOLOGY

The RedLegg methodology for conducting Gap Assessments is based on a proven track record of examining an organization's security program through interviews and analyzing relevant documentation and materials.  RedLegg has developed a robust assessment methodology that maximizes the ability of the consultant to identify security gaps in the organization’s environment.  During the assessment, we provide consulting to meet compliance with security best practices while improving the overall security posture of your organization.

Learn more about RedLegg's GRC Gap Assessments.

PHASE 1: EXAMINE

RedLegg examines relevant documentation to determine if aspects of the framework are currently in place. Analysis of the documentation allows the consultant to understand the maturity level of the program and identify areas to improve beyond compliance with the assessed framework. Documents may include, but are not limited to:

  • Policies, Standards, Guidelines, Procedures
  • Vulnerability Scans
  • Pen Testing Reports
  • Application Assessment Reports
  • Compliance Reports
  • Network Diagrams
  • Technical Control Configurations
  • Employee Handbook
  • Organizational Chart
  • IR and BCDR Plans

PHASE 2: INTERVIEW

RedLegg continues by conducting interviews with key stakeholders at the organization.  These stakeholders will answer questions relating to specific aspects of the framework as well as the overall security posture.  Interviewees may include, but are not limited to:

  • CISO/CIO
  • Director of Security/Director of IT
  • Security Architect
  • Network Administrator/Engineer
  • Server Administrator/Engineer
  • Desktop Support
  • Legal and Compliance
  • SOC Team
  • Development Team
  • IT Operations Team
  • Senior Leadership
  • Human Resources

PHASE 3: CLARIFY

After the interviews are complete, RedLegg will review the notes and may request some follow-up documentation. Additional interviews may be necessary to assist with clarifying documentation. RedLegg will strive to clarify any findings to increase the accuracy of the report.

PHASE 4: DELIVER REPORTS

Upon completion of the assessment, RedLegg will document the results into a report, including:

  • Executive Summary
  • Assessment Findings
  • Remediation Recommendations
  • Remediation Roadmap

PHASE 5: DEBRIEF

Once the deliverable has been received, RedLegg will schedule a debriefing meeting to discuss the results of the assessment. During this phase, RedLegg will work with you to determine any necessary changes to the report. When changes are complete, RedLegg will finalize the report and finish the project.

DIVING DEEPER

RedLegg's Enterprise Security Assessment also offers network penetration testing (or a vulnerability assessment) and social engineering to provide a baseline assessment of your security posture.

PENETRATION TESTING

RedLegg's penetration testing experts don’t rely on automated procedures and generic reports. To improve your security posture and provide the best possible defense for your network, we offer...

  • A comprehensive combination of manual and technical processes to thoroughly test your network’s specific vulnerabilities
  • A detailed report explaining what we found, why those results are important, and our recommended remediations
  • A dedicated RedLegg consultant to keep you updated and informed throughout your engagement

Learn more about RedLegg Penetration Testing.

SOCIAL ENGINEERING

Social Engineering is a malicious, fraudulent activity performed with the intent to acquire sensitive information. Phishing can be performed through email communications while vishing is performed through telephone communications. RedLegg provides social engineering testing to help improve your security posture and increase security awareness within your organization.

Learn more about RedLegg's Social Engineering service.

OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the marketplace, attack vectors, and protection mechanisms.
