HomeSolutionsIT SecurityProfessional Services


Professional Services

Assessment Offerings

- Technical Environment Risk Assessment (TERA)

- Application Environment Risk Assessment (AERA)

- Legislative Requirements & Compliance Assessment (LRCA)

- Operating Environment Risk Assessment (OERA)

- Vulnerability Assessments

- Policy & Procedure Assessments

- Penetration Assessments

- Technology Assessments

- Business Risk Assessment

- Privacy Assessment

- Development Environment Assessment

Technical Environment Risk Assessment (TERA)

Robust Environment Awareness
The Technical Environment Risk Assessment (TERA) will identify current strengths and weaknesses in the organization’s computing environment from a technical security perspective. This will include security management, technical vulnerabilities, and system audit capabilities. The assessment will help to identify key information assets, the vulnerabilities that threaten the security of these valuable assets, and allow the company to focus its information technology resources more effectively.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Detailed Technical and Executive awareness of Information Security issues.

Application Environment Risk Assessment (AERA)

Validation of business risks within critical applications

An Application Environment Risk Assessment (AERA) is an interactive review of a proposed or currently implemented security framework to ensure implemented access control models, authentication mechanisms, and hosted environments provide an acceptable level of security required for the application.

The review provides assurance that all aspects of secure programming are properly addressed and that the underlying framework for the application meets or exceeds the requirements for the intended role of the application.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Executive Assurance of Information Security issues


Legislative Requirements & Compliance Assessment (LRCA)

Prove corporate due diligence and ensure compliance
The Legislative Requirements and Compliance Assessment (LRCA) will provide the organization with a framework to improve information security policies, governance, and assurance. Through analysis, ComTec determines compliance with Federal and Legislative requirements as well as specific industry best practices. This will highlight areas of strength and those which could benefit from improvement.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Corporate compliance and ensured due diligence

Operating Environment Risk Assessment (OERA)

Gain awareness of Operating Environment Risk
An Operating Environment Risk Assessment (OERA) identifies technical, operating, and security issues within the computing environment and establish a relationship between these issues and organizational impacts.

The information gained from an OERA can be used by business unit managers and IT managers alike to make informed decisions about resource planning, risk management, and operational security. In order to address primary business concerns, ComTec focuses this assessment to provide detailed information regarding the following security aspects:

• Incident Handling and Event Monitoring procedures
  
• Business Continuity/Disaster Recovery Planning (BCP/DRP)
  
• Business unit processes and procedures
  
• Staff awareness program requirements
  

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Corporate compliance and ensured due diligence

Vulnerability Assessments

Provides an organizational security posture overview.
A vulnerability assessment identifies the exposure level and potential business impact that technical vulnerabilities as well as operational issues have on the organization. Standard assessment deliverables provide detailed short term and long term recommendations that are custom tailored for each organizations corporate structure.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Policy & Procedure Assessments

Identify oversights and create long term support for business processes.
Assesses the effectiveness of existing organizational policies and procedures and provides direction for improvement. Standard deliverables focus on how information security policies, procedures, standards and guidelines support the organizations key business processes.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Penetration Assessments

Identify key technical issues and create immediate enhancements in organizational security.

Simulates attack scenarios from selected entry vectors in to the organizations network. Covers scenarios ranging from insider abuse, criminals, outside attackers, and corporate espionage. Standard deliverables are focused on creating a security enhancement project providing organizations with immediate improvements in their security posture.

Engagement Type: Consulting Contract
Target Market: Small to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Technology Assessments

Identifies and recommends the most effective and secure technology Implementation for your business requirements.

Our Technology Assessments review the business impact and inherent security of a certain technology existing or to be implemented in the organization. Technologies such as wireless connectivity, identity management, encryption, VPN, IPS or vendor specific application or technology solutions are reviewed for areas of concern and corrective solutions. Standard assessment deliverables provide a detailed situation analysis identifying business risks associated with the technology and its implementation. Recommendations outline the steps required for proper solution selection and implementation guidelines.

Engagement Type: Consulting Contract
Target Market: Small to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Business Risk Assessment

Identify risks and associated costs facing your organizations information systems.

Risk is a cost of doing business. Knowing the risks your organization faces and the associated costs is the essential first step in managing your risk. Standard deliverables focus on quantifying threats that your organization faces and allows an organization to determine cost-effective solutions that meet industry best practice.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Privacy Assessment

Conduct a privacy assessment to evaluate the privacy risks that might exist in your organization.

Privacy assessments are central to ensuring compliance within your organization. ComTec will help you find the right privacy solution for your organization. Our assessments cover a complete privacy compliance program and every engagement is tailored to your specific organization. Standard deliverables include a strategic privacy review that assesses your operations to test compliance with privacy requirements, a compliance gap analysis with prioritized recommendations facilitating a well designed privacy compliance program, and a long term plan for ongoing compliance assurance.

Engagement Type: Consulting Contract
Target Market: Medium to Large Enterprise
ROI / Selling Focus: Compliance assurance providing additional value through a bottom-up approach detailing technical priorities and business justifications.

Development Environment Assessment

Identify areas of improvement within the system development life cycle (SDLC) regarding information security and audit controls and procedures.

The application development environment which the organization utilizes requires a number of formal and informal policies and procedures regarding design and development of applications and information systems. Whether the environment an external third party or an in-house department this review will highlight areas for immediate improvement and facilitate long term changes to ensure on-going protection.