Security Posture Assessment
The Security Posture Assessment, or SPA, is the standardized WhiteHat vehicle for security and privacy investigations and assessments. It serves as a framework within which to build a list of tasks, testing and analysis to meet the requirements of our clients. Our lengthy experience has demonstrated that every client and every engagement is different. Therefore, although we have a wealth of standardized modules to populate the framework, each engagement is customized.
A typical SPA for a comprehensive assessment of client IT security posture might include, as an example, the following investigation targets:
External perimeter (firewalls, VPNs, etc.)
External web application layer
Internal IT architecture review
Configuration and patch levels / management
Wireless implementation
Policy and compliance review
Business Continuity Processes (BCP)
Physical security
Public Internet information practices
End user security awareness metrics
When a comprehensive assessment is performed within a single engagement, considerable economies result. The deliverable report provides a baseline measure of an organization’s security maturity at a surprisingly affordable cost. Another benefit of the SPA is that the analytics can be adjusted to produce a conventional Threat Risk Analysis (TRA), providing a solid roadmap for remediation efforts.
