Security Testing
No matter how effective a risk management strategy is, assurance of its effectiveness can only be attained by testing the organisation’s security to ensure that the policies have been correctly implemented, and that the policies themselves are correct. ECA has experts skilled in testing the effectiveness of external and internal network boundaries, and end-point access controls.
The keynote of security testing is absolute confidence and discretion for the client. In general the client staff are unaware of the test, since awareness of it may affect the outcome. That said, the team is always careful to agree the scope, nature and timing of the test in advance to ensure that it does not impact other business operations.
ECA approaches an organisation’s entire operation holistically, beginning with the logical and physical perimeter and working steadily inwards. The emphasis of external checks is on surreptitious infiltration.
Once the team has checked from the outside, it then works inwards examining the interaction between people, processes and any technology used to support your daily operations. Experience shows the value of examining corporate services as an ‘end-to-end system delivery’. This includes checking the IT and communications systems for flaws and vulnerabilities to ensure that corporate services are not liable to failure by accident, inadvertent action or outside intervention.
A final confidential report is delivered with the findings and recommendations, and ECA can fully debrief a selected audience with a presentation of the facts.
