BREACH REPORTING IN THE UNITED STATES REPORTING IS MANDATORY In the US reporting is mandatory within 30 days of a data breach. There are also certain laws requiring various notification methods to alert affected individuals given the scope of the release. In Canada we have no such reporting requirements and therefore have no way of[…]
PENETRATION TESTING LEVEL II – NETWORK EVALUATION Much more hands-on than a Level I assessment. This process looks at external technical risk potential, however does not actively attempt manual intrusions. This Assessment results in a Threat Analysis Report and defines an estimate of the exposure profile of an organization. The following items are explored: External Firewall Ports[…]
PENETRATION TESTING LEVEL I – HIGH LEVEL ASSESSMENT A top-down look at the organization’s policies, procedures, standards and guidelines. A Level I assessment does not usually involve hands-on technical work. During this period a technical system’s security is not actually tested, rather policies and procedures. The following items are explored: New User Requests or Changes Physical Security[…]
