IT Risk Management - Simple. Powerful. Refined.

Once you’ve used our IT Audit Program Generator to complete your custom audit, you may find that some tasks are easier to complete with a commercial tool. For example, manually assessing a firewall would be time-consuming and likely to result in errors. It is easier and more reliable to utilize a tool that can automate a comprehensive assessment, but buying software you only need to use once is costly and unnecessary.

We’ve worked with vendors to offer you low-cost, one-time licenses for some of the best tools on the market. Each of these tools will automate the assessment and generate a detailed report. Our reports are presented in non-technical language, making them easier to share with stakeholders across your organization.

Below is a brief listing of the tools we offer with a one-time license. For a complete list that includes pricing, please consider subscribing to scGRC.com.

  • Network Device Configuration Analysis – a comprehensive analysis of a core switch or firewall configuration.
    • Technical review of each setting/configuration
    • Full analysis of each rule
    • Analysis of risks permitted by existing rules
    • Policy configuration assessment
    • Routing configuration assessment
    • Network settings
    • Assessment of each rule based on named source, service, destination
  • Database Security Assessment – a comprehensive assessment of a database’s security posture.
    • Known database-specific vulnerabilities
    • Database system configuration
    • Privilege Management
    • Object Permissions
    • Access Controls
    • Database and Application Integrity
    • Database patch management
    • Identification and password controls
    • Host operating system integrity
  • Web-Application Assessment – a comprehensive unauthenticated and authenticated analysis of web-application-specific vulnerabilities. The assessment will cover risks in the following categories.
    • Cross-site Scripting
    • SQL Injection
    • PHP File Include
    • Parameter Deletion
    • Buffer Overflow
    • Format String
    • Microsoft CGI Attacks
    • CGI Attacks
    • Remote Execution
    • Directory/File Traversal
    • CRLF Injection
    • Special Parameter Addition
    • Boolean Parameter Tampering
    • Blind SQL Injection
    • Integer Overflow
    • Information Exposure
    • Generic HTTP Attacks
    • Microsoft IIS Attacks
    • Common HTTP Device Attacks

  • Directory Services Analysis – a complete analysis of Active Directory. The report provides detailed findings regarding user provisioning, best practice standards, and current settings.
    • Domain Structure
    • Domain Accounts Policy
    • Domain Controller Policy Settings (Local Policy)
    • Audit Policy Settings
    • Event Log Settings
    • Security Option Settings
    • Group Policy Objects
    • Password Setting Objects (PSOs)
    • User Accounts Defined in the Domain
    • Groups Defined in the Domain
    • Domain Local Groups and their Members
    • Domain Global Groups and their Members
    • Last Logons, 30 Days and Older
    • 30 Days and Older
    • Passwords that Never Expire
    • Accounts not Requiring a Password
    • Invalid Logon Attempts Greater than 3
    • Users not Allowed to Change Passwords
    • Accounts with Expiry Date
    • Rights and Privileges
    • Descriptions & General Recommendations for Rights
    • Server Roles and Features
    • Security Updates, Patches and Hot-Fixes
    • Current Network Connections
    • Network Shares
    • File Permissions and Auditing

  • Vulnerability Assessment – a technical report of the risks associated with systems assessed for known vulnerabilities.
