.: Risk Management & Advisory

.: Audits & Assessments

.: Security Testing

.: Incident Response & Forensics

.: Enterprise Security & Policy

technology consulting information security
mobile innovation managed solutions
Audits & Assessments

Netrus has over 15 years of experience in performing Security Risk Assessments for various levels of government, government sponsored agencies and private sector industries.

Conducting a Security Audit or Assessment is the first step in identifying and understanding security risks within an application, technology, system, process or infrastructure.  Assessments include a thorough review of operating systems, networks, remote access, applications (firewalls, wireless & web), databases, routers, switches and other peripheral devices. 

By reviewing these in conjunction with business processes, organizations can discover the vulnerable spots in the environment and take corrective action before they are exploited by an intruder or hacker.  We base our assessment on People, Processes and Technology within an environment.

Our Threat Risk Assessment methodology was among the first to be designed after the international code of practice for information security management British Standard 7799, later adopted as ISO 17799 and adopted in 2000 as ISO 27002, which defines management controls for information and privacy risk across the full spectrum of business operations.

Netrus provides a full spectrum ISO 27001/2/17799 based Threat Risk Assessment across the entire enterprise and has numerous consultants that have been trained and deliver assessments used by the Royal Canadian Mounted Police (RCMP), the Communications Security Establishment (CSE) and NIST SP 800-30.

Netrus has developed and provides a full-spectrum of Security Audits and Assessments across the entire enterprise and has numerous consultants that have been trained and deliver assessments based on:

  • ISO17799/27001/27002
  • Privacy Impact Assessments (PIA)
  • Controls Complicance Reviews
  • Security Impact Assessments
  • Enviornment Risk Assessments
  • Web and Mobile Application Vulnerability Assessments and Code Reviews
  • VoIP Security and Vulnerability Assessments
  • Wireless Security and Vulnerability Assessment
  • Cloud Security Assessments
  • Threat Risk Assessments used by:
    • Royal Canadian Mounted Police (RCMP - HTRA)
    • Communications Security Establishment (CSE)
    • NIST SP 800-30
  • Application Code, Security and Testing based on:
    • OWASP methodologies, guidelines and best practices
    • OSSTMM methodologies, guidelines and best practices
  • MFIPPA & PHIPA Legislative Acts
  • PCI Security Standards
  • Industry Best Practices

Security Policy Compliance Monitoring

We provide a second pair of eyes to independently review an organization or third party supplier based on their existing policies, procedures or contracted services - generally referred to as Security Governance or Compliance Monitoring.

Upon completion of the review, our Consultants generate a report outlining deficiencies found and recommended resolutions. These services are specifically tailored to each client's requirements.