Auditing has been a difficult process for institutions due to stronger requirements, the explosive growth of vulnerabilities and the increase in dependence on computers and the Internet. sandSecurity understands this and redefines IT Audit Services through changing the audit process into an educational opportunity that empowers you with IT Security awareness and tools.

We perform external and internal security assessments in two phases:

• The Blind Assessment is performed using a minimum amount of information, just as an attacker might have.  We study and evaluate attack tactics and use that knowledge as part of our strategy in simulation of real-world action. This Blind methodology allows us to accurately measure security risks while raising awareness concerning public information available about your company.

• The Full-Knowledge assessment is performed once the Blind Assessment is completed. We ask the customer to provide all policy, network and system information so that we can perform an exhaustive evaluation. During this phase, we work directly with you and take the time to teach the tools and methodologies to improve your awareness and business capability. Customer input and participation is a critical and crucial part of our evaluation process. We review network layout and services, system configuration, security policy and controls and many other components of a production environment.

The sandSecurity Difference is in how we conduct our assessments. We encourage you to sit with us and learn as we analyze your networks and systems. We demonstrate tools and explain the information we gather.