Huges & Aimeas

Objective: 

Aiming to enhance the protection of the network infrastructure against cyber-attacks, Hughes AMYS LLP needed to identify all security weaknesses of the network and mitigate the risk of misusing the network services. As an external auditor, GRIP I.T. was tasked with role of an external auditor, Hughes AMYS LLP needed a capture the security risks for the business-critical network & client services. In addition, provide detailed recommendations on the improvement of information systems’ security level, with a project rollout to resolve the deficiencies. 

Solution: 

Our testing approach is focused on testing the vulnerabilities of all layers of the organization, from perimeter, the internal network, endpoint and social condition. We determined the type of security infrastructure in place, and tailored our attacks to take advantage of gaps.  

Firewall – reviewed and analyzed configuration 

External penetration – evaluated vulnerabilities 

Social engineering – determined employee risks 

Phishing – used fake e-mails and USB devices 

False web sites – determined risks 

Network & Endpoint Policies – evaluated security-related policies 

The automated scans can reveal vulnerabilities, but a manual check usually reveals more information. We provided a detailed report comprising the list of vulnerabilities.  The number of issues identified at each risk level (critical, high, medium, low and informational) was presented graphically and key issues starting with the most critical were listed with recommendations given for resolution. We were successfully able to provide an unbiased consultative & corrective measure to not only streamline, but also proactive service solutions and services for security concerns that were identified. During these phases we provided a letter of engagement to the board, overall public-facing client security statement.