ethiSEC offers a compliance/vulnerability testing service in lieu of penetration testing. While this activity possesses a number of similarities to penetration testing, it is not a penetration testing service.
Compliance Testing Goals
The primary goals of our compliance testing service are to identify if the network or services under test are compliant to the policies and documentation that supports them. We utilise commercial and open source tools to scan networks or individual services under test to identify any compliance or policy deviations and vulnerabilities.
We perform a detailed analysis of all of the findings to reduce errors or false positives that can skew the results applicability.
From the testing performed we develop a detailed gap analysis for the network or networked devices tested. This report provides its sponsor with an appropriate level of information that will allow further investigation useful to identify policy and procedure shortcomings. It will also allow you to identify all specific remediation actions that are required.
Who may find this service useful
Any organisation that desires to improve the security posture of their organisation or has ongoing compliance activities to meet such as Sarbanes Oxley (SOX) or PCI-DSS.