SecureForce Secruity Posture Assesment (SPA)


We know cyber security—inside and out


SecureForce Secruity Posture Assesment (SPA)

To enable risk-based decision making, an organization needs to understand the value of its assets and be able to effectively assess the security posture at both a micro and macro level. Assessment results must be framed within an organizationally relevant context to ensure the impact of findings can be accurately measured. For example, asset value or criticality could be derived from business impact analysis data developed as part of an overall Continuity of Operations Planning (COOP) program. Vulnerability scan data should be validated to eliminate false positives, and then coupled with configuration audit results and application security assessment results. The combined results should then be modeled against the security architecture to more accurately quantify the risk based upon asset criticality ratings and actual network accessibility and other environmental considerations.

At SecureForce we believe context is key and that raw assessment results present little value on their own without analysis of their probable impact and validation of their applicability to the environment. Our assessment approach is implemented through the use of key technologies to accelerate the process and make it more accurate through automation of assessment result collection and correlation, coupled with consistent and repeatable workflows driven by electronic surveys for manual control testing and assessment of non-technical controls.

Cyber Readiness Assessment

From host-based to network-based assessments, from external to internal vantage points, and from applications and databases to all flavors of operating systems, SecureForce security engineers have significant experience performing security assessments across all components of an enterprise. Many of the assessments we perform include:

  • Configuration auditing
  • Database security assessment
  • Network vulnerability assessment
  • Penetration testing
  • Software code audit
  • Social engineering
  • Web application security assessment
  • Wireless network security assessment
  • Voice communications assessment (including analog and VoIP)


Rate this application