© 2020 RSM Canada Operations ULC. All rights reserved.
A threat representative approach to information security
Security testing is a process by which technical methods are used to identify findings that support the broader enterprise risk management program. Examples include regulatory-required testing, testing of new solutions, and validation of processes. A thorough security testing approach looks at vulnerabilities from several perspectives using a variety of different tools (developed in-house, open sourced or commercially licensed) that can respond to a wide range of organizational needs.
RSM’s security testing is comprehensive and uses a threat-representative approach. We stay aware of the latest attack vectors and model our assessments on these attacks. The realm of cybersecurity is constantly evolving, and we keep up with the latest changes.
Who needs this
Attackers are consistently finding new ways to exploit businesses’ vulnerabilities to compromise their assets and acquire sensitive information. Businesses that wish to assess where they stand against these attackers and also determine their ability to protect against cyberattacks would benefit greatly from RSM’s security testing services.
RSM will work with you to identify key business objectives and suggest a testing approach to help you accomplish your goals. Examples of the types of security testing services we offer include:
- Vulnerability assessments: Vulnerability assessments use a mostly automated approach to identify vulnerabilities in network assets.
- Penetration testing: Penetration tests demonstrate how a malicious attacker might breach an organization, and the results help to prevent such an occurrence. Through penetration tests, RSM consultants will attempt to breach the organization by acting as an unauthorized user, with the ultimate goal of compromising your networks and data.
- Red team assessments: This simulation uses the same basic approach included in penetration testing, except it is performed over a longer time period, with the main goal of being undetected by simulating attacks used by real-world adversaries. This type of testing aims to determine the effectiveness of an organization’s detective and incident response controls.
- Application testing: Application testing identifies critical web application vulnerabilities that may be leveraged to either breach systems and applications, or gain access to sensitive data.
- Social engineering testing: Social engineering testing assesses the security awareness of your employees through tactics that include email, phone and USB drops.
- Wireless testing: This testing determines if wireless technologies present an unacceptable level of risk, including their configuration, hardening, usage and security of endpoints (e.g., laptops and mobile devices).
- Database testing: Database testing provides penetration testing and security audits of databases, including MSSQL, Oracle and MySQL, with review of the database environment and associated documentation.

While each security test uses different methodologies, the following is universal to all of them: