HSC
Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Services > Audit & Assessment
Go to: HSC Trainings
Télécharger le catalogue des formations
Search:  
Version française
   Services   
o Skills & Expertise
o Consulting
o ISO 27001 services
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o ARJEL
o Training courses
o E-learning
   Conferences   
o Agenda
o Past events
o Tutorials
   Resources   
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
   Company   
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
 communication
 
 
o HSC Newsletter
o Bulletin juridique HSC
o Press review
   Contacts   
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|Audit & Assessment  
blah Services
See also...
o Penetration tests
o Vunerability assessment (TSAR)
o HSC ethical and deontological guidelines
o How to request an intervention
o Theme audit
o Theme assessment
o Audits
o Evaluations and analyses


Audits

The HSC audit is a high quality service, thanks to the exhaustive and objective view it provides:

Why call in HSC for an audit?

  • To get an exhaustive view of one's security, with complete fairness and independence.
  • To obtain practical, directly applicable recommendations.
  • To get recommendations sorted by priority order and difficulty level.
  • HSC can carry out any type of technical audit (wireless network audit, network architecture audit, application architecture audit, flows audit, OS audit, sotware audit, investigation audit, code audit...)
  • Finally, to share HSC consultants' experience and enjoy a skills transfer from enthusiast professionnals.

Which type of audit do you need?

Different approaches are possible:

  • Verification audits
    This type of audit analyzes the condition of a system or network, examining the following aspects: organization, architecture, protocols used, configuration, and operating and staff skills. We use a practical approach, which is based on HSC's experience and the methodology we have developed over the years. The audit is carried out with the operating staff, in a limited space.
  • Validation audits
    The validation process checks the state of the system against an existing referential. For example, it verifies that previously defined security requirements have been correctly enforced.
  • Intrusive audits
    Active search for weaknesses in the system, using HSC's vulnerability database. The audit is conducted from within the audited network, using an approach based on intrusion attempts. This audit is carried out without the operating staff, in a wide environment.
  • External penetration tests
    Unlike audits, intrusion tests are entirely conducted from outside the network being tested. The aim is to simulate a real attack to see how well or poorly the network resists.


Evaluations and analyses

These evaluations can concern:

  • an application (comercial software, scripts developped for a web site...),
  • a communication protocol,
  • a security architecture,
  • an electronic voting system,
  • etc.
We evaluate the relevance of the design, the resistance to attacks and/or cryptanalysis, the level of security provided, the perenniality of the solution...

The analysis includes some tests and an analysis of the source code and/or specifications when they are available. Otherwise, it can be done by reverse engineering.

Last modified on 15 April 2010 at 16:39:46 CET - webmaster@hsc.fr
Mentions légales - Information on this server - © 1989-2013 Hervé Schauer Consultants