Vital Security Assessment

 

Vital Security Assessment is the first of three phases which make up the K logix TRAX security service. This phase provides analysis of a firm’s critical information and its interactions with users, applications, and distribution points. The components that make up this phase are summarized below.


Information Discovery


K logix TRAX was developed to help our customers who require assistance performing security assessments on particular databases or applications where some or all of their confidential information resides. What we quickly realized was that many firms do not know what information is critical, nor do they know where that information is located.  During Information Discovery, K logix works with the client:

  • To understand existing technical safeguards, which may help limit exposure to sensitive data
  • To understand existing business processes

For the complete description of Information Discovery please download our White Paper: http://www.klogixcorp.com/Trax/TRAX_Whitepaper  

Information Classification


Adhering to a formal Data Classification Program is just one of the many keys to a proper information security practice.  During this phase of the assessment K logix works with the client to:

  • Identify existing data classifications
  • Assist in the classification of information identified during Information Discovery

In organizations where information classification standards haven’t been defined, K logix works with the client to:

  • Define information classification categories
  • Design protective controls necessary to safeguard data based on these classifications

For the complete description of Information Classification please download our White Paper: http://www.klogixcorp.com/Trax/TRAX_Whitepaper  

Information Lifecycle Evaluation


Reviewing an organization’s Information Lifecycle is a critical step to ensure that information is adequately safeguarded from malicious or inadvertent disclosure.  By using the data gathered during the Information Discovery Assessment and Information Classification, TRAX will:

  • Perform point-in-time validation of the location of critical data
  • Identify components that store, transmit, or process this data

For the complete description of Information Lifecycle Evaluation please download our White Paper: http://www.klogixcorp.com/Trax/TRAX_Whitepaper 

 

Application Penetration Assessment


The purpose of the Application Penetration Assessment within TRAX is to evaluate a production-like deployment of the application components, review the application's security architecture, enumerate potential threats, and validate those threats during the penetration assessment. During the application penetration phase of a project, the application security team evaluates the likelihood or potential impact on confidentiality, integrity, and availability of the application. The following outcomes are key objectives of this exercise:

  • Analyze the interaction between the application and integrated components or products
  • Identify security vulnerabilities and the impact associated with exploitation scenarios
  • Perform informed vulnerability tests against authentication, authorization, session management, and use of cryptography

For the complete description of Application Penetration Assessment please download our White Paper: http://www.klogixcorp.com/Trax/TRAX_Whitepaper

 

Application Security Code Review


The TRAX Security Source Code Review identifies instances of insecure coding practices and other language-specific security vulnerabilities. The results from this review provide clients with a detailed list of implementation-level security findings and general guidance regarding how to adjust the Software Development Lifecycle (SDL) to reduce the occurrence of often-repeated coding mistakes. Here are some areas assessed:

  • Implementation of authentication, authorization, and session management
  • User input validation, including the handling of user input data intended to execute additional functions or spawn external programs
  • Proper handling of security-critical data, including authentication credentials and cryptographic keys
  • Secure interaction with the operating system, web server, file system, etc.

For the complete description of Application Security Code Review please download our White Paper: http://www.klogixcorp.com/Trax/TRAX_Whitepaper 

 

 

 

 



© K logix, LLC    233 Harvard Street Suite 308 Brookline, MA 02446    p: 888-731-2314