Security Assessments
Understand your risk.
Alchemy’s security assessments measure a company’s security posture against industry best practices, compliance requirements and industry frameworks. An assessment identifies vulnerabilities and measures the effectiveness of the organization’s controls, which can include people, process and technology vulnerabilities and span across the entire business. It will help you determine risk, which is the potential for loss if a vulnerability is exploited. Guidelines and standards for security assessments are published by organizations such as National Institute of Standards & Technology (NIST), SANS Institute and PCI Standards Council.
Types of Assessments
Vulnerability Assessment – Identifies weaknesses that can be exploited
Risk Assessment – Quantifies risk and potential loss based on asset value
Compliance Assessment – Confirms compliance with required standards, such as HIPAA or PCI Penetration
Testing – Simulates an internal or external attacker against the company’s network
Assessment Benefits
- A security assessment ensures that you are aware of security risks within your environment. You can’t fix a problem if you don’t know it exists. It will also serve as your initial baseline so you can track positive progress in your security program.
- Assessments can help to document the progress being made to protect the company.
- Due diligence, which is the effort made by a company to avoid harm as determined by a reasonable person. If your company encounters a security breach, your company’s legal exposure and financial penalties can be impacted by the due diligence you’ve shown in defending against threats. A security risk assessment is the first step in showing due diligence. The second step is making an effort to address the vulnerabilities that were found.
- Maintain compliance. Some industries require security assessments as a condition of compliance. The Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) is one example.
Line Card
Regulatory and Framework
- NIST CSF Assessment
- HIPAA Assessment
- C2M2 Assessment
Cloud and Architecture
- AWS Security Assessment
- Azure Security Assessment
- Security Architecture Assessment
- 365 Security Assessment
Red Team Services
Network Security
- Internal Penetration Test
- External Penetration Test
- Wireless Penetration Test
- Firewall Assessment
- Network Architecture Assessment (Firewall, VPN, Router, Switches)
- Host Penetration Assessment
- Active Directory Assessment
Application Security
- Web Application Penetration Assessment
- Web API Penetration Testing
- Mobile Application Security Assessment
- Thick Application Assessment
- Web Services Security Assessment
- Enterprise Mobility Management Assessment
Social Engineering
- Phishing Assessment
- Physical Penetration Testing
- Social Engineering (Phone) Assessment
- OSINT/Reconnaissance Assessment
Combined
- Goal-Oriented Red Team Assessment
- Threat Modeling and Architecture Assessment
- Security Technology Assessment
- IT Security Gap Assessment
Incident Response and Forensics
- Compromise Assessment
- Malware Assessment
- Incident Readiness Assessment
- Forensic Capabilities Assessment
- Security Tools Assessment
Industrial Control Systems
- ICS Compromise Assessment
- ICS Security Assessment
- Building Automation Assessment
- ICS Security Technology Assessment
IoT/Embedded Systems
- Embedded System Security Assessment
- Automotive System Assessment
- Medical Device Security Assessment
- Clinical Application Assessment
- Med Secure Assessment Framework
Request a Security Assessment
Enter your information below and an Alchemist will reach out.
