Vulnerability Assessment

Identifying vulnerabilities in your network is the first step to improving your overall risk and security posture. A vulnerability assessment tests all network services, including web sites, email, databases, file servers and wireless, for known vulnerabilities such as misconfiguration errors, weaknesses in authentication, coding errors, missing patches and other exploitable conditions. The state of the network is then compared to industry best practices, regulations (PCI-DSS, GLBA, SOX, DPA) and standards (ISO 17799, now ISO 27001/27002) in order to identify high-value "quick fix" controls, and once the vulnerabilities are validated, steps for remediation are provided.

Penetration Testing

A penetration test is very similar to a vulnerability assessment, but instead of focusing simply on known vulnerabilities, we discover unknown vulnerabilities and dive much deeper by exploiting software configuration errors, poor access controls, and old and outdated software, as well as human elements through social engineering if requested. The end goal of a penetration test is to identify systemic vulnerabilities and the things that would be missed during a vulnerability assessment, with the objective of accessing important and sensitive electronically stored information by using methods similar to those of a real attacker.

Compliance

Companies today are subject to a wide range of standards and regulatory compliance requirements; you no longer have to operate in a "regulated industry" to be subject to data storage regulations. If you process credit cards or ACH transactions, store sensitive personal information such as social security numbers or dates of birth, or mail marketing materials, you are subject to industry standards as well as federal and state regulations. Keeping track of these regulations is time-intensive, and new compliance requirements are always in development. Since we do not provide attestation services, we can help you identify gaps in your compliance as well as advise you on the best path to reach your goals.

Personalized Approach

IT Risk, Ltd. is not a huge "Big 4" accounting firm and we don't pretend that we are. We are a small group of passionate security researchers with experience in government and defense, international standards development, law enforcement, as well as privately held and publicly traded companies. By utilizing our network of security researchers, we are able to handle big and small projects with the same level of personalization; whether it is the first time you are testing your security, your yearly penetration test, or responding to a security compromise, we are able to provide rapid response as well as long-term guidance.

There are no account managers, business development or sales people to come between you and your advisor. From your first call you will be working with the person who will be helping you, and we value that relationship.

Confidential

When you retain a security advisor you are trusting this individual with your livelihood and we will never minimize that trust. Our advisors have all worked in highly sensitive environments that require the utmost in ethical behavior. 

You may have noticed that we don't provide a gallery of testimonials from previous clients. We believe that your trust is worth much more than a piece of marketing on a website.

In-depth Knowledge

We are actively developing the next generation of methods to test security and the measures that protect your assets. Check out our resources page and ITRisk.org for more information on our active projects.