The Quick Read Identification of platform vulnerabilities Review of technology and management controls Review operating system and application configuration that may lead to information leakage or system breach Review of core middleware systems that may result in network breach Click Here to download Platform Security Assessment (pdf)

Who Needs a Platform Security Assessment?

	Companies that have computing platforms, such as, desktops, laptops, web servers, application servers, database servers, middleware components, point-of sale solutions, data exchange servers, FTP servers, VOIP systems, VPN appliances, or network layer components should consider conducting platform specific security reviews to ensure system vulnerabilities do not exist in their configurations.
	Companies that have firewall and remote access platforms deployed on the Internet or between business entities should consider platform security assessments.

What is Platform Security Assessment?

Arsenal’s Platform Security Assessment includes a system review from an architecture and component configuration perspective. Review of configuration files for the operating system and any installed middleware component is included. Review of management controls which includes security policy, organization, asset classification, physical access, network or remote access, business continuity and systems maintenance

Components included in platform security assessment are:

	System architecture placement review		System configuration review
	Operating system configuration review		If installed, any middleware component configuration review
	Security management controls review		Security vulnerability scanning and penetration testing
	Detailed findings and recommendation reporting

Platform Security Assessment Engagement Process and Deliverables

After an initial call, the Arsenal Security Group Senior Partner will prepare a statement of work within 2 days and we normally can begin an engagement within two weeks. During the engagement we will use interviews, questionnaires, physical tours and technical tools to develop our assessment. We usually use 1-2 consultants in tandem with our Senior Partner to complete an engagement. We will provide an executive summary, a detailed report with all of our findings and recommendations, and a final onsite presentation. Our engagement is not complete until all of our deliverables have been reviewed and accepted by our client.

About Arsenal Security Group
Arsenal Security Group is a security consulting firm that is focused on close client coordination and collaboration. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Partners will be the primary contact for all engagement activities. We proactively conduct weekly calls with our client when engaged and meet with clients on a quarterly basis to review and understand their security posture – even when we are not actively engaged on assignment to ensure they are aware of new security risks or regulatory changes they may impact their business.

^^ Top