Every organisation maintains valuable assets from personal and sensitive information, and organisational data through to systems that are critical to business operations.

Organisations must understand if their security measures are adequate to protect their most valuable assets. RSM can assist with our Vulnerability Assessments and Penetration Testing services to help determine whether these assets are being properly secured, or if they pose a risk to your organisation.

Information security testing is the process of using technical methods to identify results that support an organisation’s risk management program.

Examples include:

• Regulatory-required testing by legislation, standards and/or compliance requirements
• Testing the robustness of new solutions being implemented
• Validation of security processes 

Comprehensive security testing examines vulnerabilities from multiple perspectives using a variety of tools (developed in-house, open source, or commercially licensed) that can address a variety of organisational needs. 

Examples of the types of services we offer include:

• Vulnerability assessments: using a mostly automated approach, we identify vulnerabilities on several different network assets including, but not limited to, network devices, operating systems, web applications and web servers. Our vulnerability assessments can benefit organisations of any size and highlight exposures on internal or external systems. These scans give you an overall picture of the vulnerabilities present on your networks and assist in vulnerability risk management.
• Penetration testing: a test where we demonstrate how a malicious attacker might breach an organisation, with the tests helping to prevent such an occurrence. Penetration tests are conducted within an allotted timeframe and offer close to real-life examples of an attacker targeting your organisation. Through penetration tests, RSM consultants will attempt to breach the organisation by acting as an unauthorised user, with the goal of compromising your networks and data.
• Red team assessments: Undergoing a real-life attack scenario on how an organisation could be compromised can help to test preventative and detective controls. This simulation uses the same basic approach included in penetration testing, except it is performed over a longer time period, with the main goal of being undetected by simulating attacks used by real-world adversaries. This type of testing aims to determine the effectiveness of an organisation’s detective and incident response controls.
• Application testing:  identifying critical web application vulnerabilities that may be leveraged to either breach systems and applications or gain access to sensitive data. We offer comprehensive static analysis assessments that analyse an application’s source code for potential vulnerabilities that could be leveraged by an attacker, and a dynamic penetration assessment where we interact with the application like a typical end user.
• Social engineering testing: One of the most common and successful attack strategies, social engineering exploits weaknesses in human nature, rather than hardware, software, or network vulnerabilities. These attackers manipulate employees to reveal passwords or download malware-infected files that result in stolen network credentials, data breaches and fraud. Social engineering testing assesses the security risk awareness of your employees through tactics that include phishing (email), vishing (phone) and physical based tests.
• Wireless testing: most organisations are using some sort of wireless technology to support their employees or customers, which makes it an increasingly prominent target for cyberattacks. Wireless networks provide convenience and mobility but bring their own risks that are often overlooked as organisations test and secure their environments. This testing determines if wireless technologies present an unacceptable level of risk, including their configuration, hardening, usage, and security of endpoints (e.g., laptops and mobile devices).
• Firewall assessment: using automated tools and manual techniques, we analyse your firewall’s configuration and ruleset line by line to ensure it meets best practices and hardening techniques.
• Network architecture review: we assess an organisation’s overall network design from a security perspective by using industry best practices to reduce the potential attack surface, including DMZ placement, network segmentation, external presence, and system hardening.
• System hardening & configuration testing: by looking at the security controls on specific devices, we help you set minimum security baselines across your organisation. Our professionals analyse the asset’s configuration against industry standard practices and hardening techniques. The review identifies exposure and breach-response capabilities by looking at logging and alerting abilities, ingress and egress points, and compensating controls. We also assess the asset’s configuration for the implementation of existing minimum-security baselines, use of secure protocols, use of proper patching, identification of known vulnerabilities and overall levels of system access.
   

RSM Australia is a member of CREST, accredited for penetration testing services. CREST was created to address the need for regulated and professional cyber security testers. 
CREST ensures its members have a framework to guide their penetration testing activities, including standards and methodologies aimed at ensuring the very highest standards of leading-edge security testing. 
All CREST member companies undergo demanding and stringent assessments; while CREST qualified individuals must pass rigorous professional level examinations to demonstrate knowledge, skill and competence.

Maintaining our CREST membership and penetration testing accreditation shows RSM Australia is committed to delivering a high standard of security services for our clients.

KEY CONTACTS