Auditing has been a difficult process for institutions due to stronger requirements, the explosive growth of vulnerabilities and the increase in dependence on computers and the Internet. sandSecurity understands this and redefines IT Audit Services through changing the audit process into an educational opportunity that empowers you with IT Security awareness and tools.

sandSecurity has changed the paradigm of the security audit. We perform external and internal security assessments in two phases: The Blind Assessment and The Full Knowledge Assessment.

The Blind Assessment is performed using a minimum amount of information, just as an attacker might have and unbeknownst to your IT staff. We study and evaulate attack tactics and use the knowledge as part of our strategy in simulation of real-world action. This Blind methodology allows us to accurately measure security risks while raising awareness concerning public information available about your company.

The Full-Knowledge assessment is performed once the Blind Assessment is completed. We ask the customer to provide all policy, network and system information so that we can perofrm an exhaustive evaluation. During this phase, we work directly with you and take the time to teach the tools and methodologies to improve your awareness and business capability. Customer input and participation is a critical and crucial part of our evaluation process. We review network layout and services, system configuration, security policy and controls and many other components of a production environment.

The sandSecurity Difference is in how we conduct our assessments. We encourage you to sit with us and learn as we analyze your networks and systems. We demonstrate tools and explain the information we gather. sandSecurity has changed the perception from "Oh No, Not the Auditors" to "Hooray, The Auditors are here!"

External And Internal Assessments
Business Impact Assessments