Risk Assessments & Data Loss Prevention Due Diligence

Information Security Risk Assessments

Redpoint offers a variety of risk assessment services, including: governance-focused (a review of policies and procedures); technical (e.g. hands-on network and systems vulnerability assessments); and ‘hybrid’ (some combination of the qualitative and the technical).

We offer these different formats because our clients often have differing needs or priorities. For example, some have already had technical work performed and are preparing for a regulatory compliance inspection, while others have information security policies in place and need to align these or update them with a holistic technical review.

As with our penetration testing services, our risk assessment services are meant to complement and support your company’s current internal and 3rd-party resources.

For example, most companies have IT services, and many have some combination of in-house and 3rd-party IT support. Redpoint’s risk assessments are meant to provide you and your IT team(s) with an objective look at areas where you might be able to strengthen your defenses or better align these with certain security frameworks and requirements.

Each assessment comes with detailed documentation, including specific remediation recommendations, to help you better manage your assets and data – both internally and with respect to your vendors and 3rd-parties.

Our Assessment Services

Redpoint offers a variety of risk assessment types, ranging from standard internal and external network vulnerability scanning with the overlay of specific security frameworks and/or regulatory requirements, to web application scanning, to assessments of a wide variety of networked devices (sometimes termed ‘IoT’ devices).

We also offer project planning, including a pre-assessment project ‘design’ phase where one is needed, during which we work with your team to develop specific project goals and requirements, in order to ensure that the risk assessment is as broad or as laser-focused as you need it to be to achieve your risk management and/or compliance priorities.

Services include, but are not limited to:

  • Internal & External Network Architecture
  • Perimeter Devices (e.g. Firewall Configurations)
  • IDS/IPS Configurations
  • Web Application Vulnerability Scans
  • Wireless Security Testing & WAP Security Reviews
  • Customized Device-specific Vulnerability Assessments
  • Documentation of Physical Office Security Protocols