SECURED

Our comprehensive assessments and policy review can ensure that your systems meet and exceed IT Security Best Practices. Take comfort in knowing your systems are “Secured”.

Vulnerability Assessments (VA)

Our Vulnerability Assessment service provides a comprehensive analysis of your organization’s systems, networks and applications. Our consultants use both manual and automated tools to holistically assess your environment. We examine security controls and measure the effectiveness of your security program, procedures and technology against realistic threats.

Our process discovers vulnerabilities and determines whether they originate from improper system configuration, improper network design, or identified security flaws in your system. Vulnerabilities are then ranked according to the threat and risk they pose to your organization based on your business model. Whether it's detailed configuration reviews, live testing, or gauging endpoint protection effectiveness, all of our vulnerability assessments are conducted in a safe and controlled manner.

We use industry-accepted security testing methodologies, such as the Open Source Security Testing Methodology Manual (OSSTMM). The vulnerability assessment findings can be used to determine the effectiveness of your security controls, to support your internal auditing and reporting efforts, or to justify security spending initiatives.

A standard vulnerability assessment engagement can include any or all of the following services, based on your organization’s particular needs.

Zero Information Based Discovery

    DNS Name lookups

    Newsgroups

    Email Abuse (Spam lists)

    Vendor sites

Social Engineering

    Dumpster Diving

    Shoulder Surfing

    Request Password Changes

Physical Access Controls

    Data Centre

    Wiring Closets

    Network Access etc.

Perimeter/External Network Scans

    Zone Transfers

    SMTP Relay Checks

    SNMP Sweeps etc.

    Ping Sweeps

    Targeted Port Scans

Internal Network Scans

    DMZ Networks

    Internal Networks

Host Assessments

    Firewall Configuration Reviews

    Host Security policy reviews

    Password Cracking

    Database Security

Wireless Security Review

Remote Access

Security Architecture Review

    Review of firewall configuration and access lists

    Review of security architecture

Security Policy Review

    Review of corporate security policies

Threat and Risk Assessments (TRA)

A Threat and Risk Assessment (TRA) is a formalized process to identify your organization's information assets and the risks that threaten those assets, and to provide recommendations to mitigate or reduce the risks to acceptable levels. A TRA serves to improve your organization’s security posture by providing a foundation on which to build your strategic and tactical IT security plans, policies, procedures and guidelines.

A typical TRA includes the following:

  • a Statement of Sensitivity (SOS) to identify and categorize relevant assets according to their confidentiality, integrity and availability values;
  • an identification of threats (deliberate, accidents, or hazards) that may adversely affect said assets;
  • an analysis of residual risks for each asset which is vulnerable to identified threats;
  • an assessment of current vulnerabilities; and
  • recommendations proposing safeguards to mitigate and reduce risk to an acceptable target risk level.

Connected IT Solutions follows the Government of Canada’s Harmonized Threat and Risk Assessment (HTRA) Methodology when performing TRAs.

Privacy Impact Assessments (PIA)

A Privacy Impact Assessment (PIA) is a process for determining the potential risks that new or redesigned programs or services pose to an individual's privacy, and subsequently helping to eliminate or reduce those risks to an acceptable level. PIAs take a close look at how government departments protect personal information as it is collected, used, disclosed, stored and ultimately destroyed. These assessments help create a privacy-sensitive culture in government departments.

According to the Office of the Privacy Commissioner (OPC):

“virtually all government institutions, as defined in section 3 of the Privacy Act, including parent Crown corporations and any wholly owned subsidiary of these corporations, must conduct PIAs for new or redesigned programs and services that raise privacy issues.”

“Specifically, a PIA is generally required when a government department:”

  • Uses or intends to use personal information in a decision-making process that directly affects an individual;
  • Substantially modifies existing programs or activities where personal information is being used, or intended to be used, in a decision-making process that directly affects an individual;
  • Contracts out or transfers a program or service to another level of government or the private sector resulting in substantial modifications to a program or activity;
  • Substantially redesigns the system that delivers a program to the public; or
  • Collects personal information which will not be used in a decision-making process that directly affects an individual but which will have an impact on privacy.

Connected IT Solutions has a team of experienced consultants that can conduct Privacy Impact Assessments for your organization.

Contact us to discuss your Security needs.