IT Security Health Check

CREST approved IT Health Check for:

  • Public Service Networks

  • Private Sector

  • Due Diligence

  • Annual Assurance


PSN and Private Sector IT Health Checks

Organisations connected to the Public Sector Networks require regular assessment of the technical information security controls they have in place, and guidance on how these controls can be improved to reduce technical risk.

Hedgehog Security provides PSN-connected public sector organisations with a simple, straightforward, fixed-price PSN Health Check service that covers both external and internal PSN Health Check requirements in one solution. We will work with you to produce a testing scope in accordance with PSN Health Check requirements, provide a thorough assessment of systems and resources within the testing scope, and provide detailed but easily digestible reports containing recommended corrective actions that take into account the time and resources at your disposal.

Internal testing

This stage involves both automated and manual assessment of the internal network, in order to ascertain that technical controls in place are adequate to protect IT data and systems from internal threats. In addition, a typical IT Health Check will include:

  • Testing of WiFi security to ensure both staff and guest access is adequately secured.

  • Desktop and Server build reviews to ensure that system configurations are adequately hardened before deployment and that best practice is being adopted in regard to authentication and patch management.

  • A technical review of security gateways (firewalls, VPNs, etc.) to ensure that rule-sets and system configurations are suitably secured.

  • A build review of remote access solutions, including use of encryption to protect data in transit and at rest.

  • A review of BYOD (Bring Your Own Device) practices within the organisation.

*The above scope is merely an example of a typical PSN Health Check. It is important that PSN customers can demonstrate to their assessors that an adequate scope of testing has been adopted.

External Testing

This consists of both automated and manual vulnerability assessment of your externally facing network perimeter, including web applications, VPNs and any other potential points of network entry. We combine automated scanning, which by itself is limited in effectiveness, with manual verification and assessment to ensure that false positives and negatives are removed.

As with the internal aspect of testing, all results will be compiled into a report, and the remediation actions will be added to a separate remediation spreadsheet.

Where you use third-party service providers with access to the corporate network, their network perimeter may have to be considered an external connection and tested accordingly.