Huges & Aimeas
Aiming to enhance the protection of the network infrastructure against cyber-attacks, Hughes AMYS LLP needed to identify all security weaknesses of the network and mitigate the risk of misusing the network services. As an external auditor, GRIP I.T. was tasked with role of an external auditor, Hughes AMYS LLP needed a capture the security risks for the business-critical network & client services. In addition, provide detailed recommendations on the improvement of information systems’ security level, with a project rollout to resolve the deficiencies.
Our testing approach is focused on testing the vulnerabilities of all layers of the organization, from perimeter, the internal network, endpoint and social condition. We determined the type of security infrastructure in place, and tailored our attacks to take advantage of gaps.
Firewall – reviewed and analyzed configuration
External penetration – evaluated vulnerabilities
Social engineering – determined employee risks
Phishing – used fake e-mails and USB devices
False web sites – determined risks
Network & Endpoint Policies – evaluated security-related policies
The automated scans can reveal vulnerabilities, but a manual check usually reveals more information. We provided a detailed report comprising the list of vulnerabilities. The number of issues identified at each risk level (critical, high, medium, low and informational) was presented graphically and key issues starting with the most critical were listed with recommendations given for resolution. We were successfully able to provide an unbiased consultative & corrective measure to not only streamline, but also proactive service solutions and services for security concerns that were identified. During these phases we provided a letter of engagement to the board, overall public-facing client security statement.