FFIEC Independent Diagnostic Tests

The FFIEC Information Security Handbook describes three types of independent diagnostic tests: penetration testing, technical audits, and assessments. En Garde's technical vulnerability services cover all three or can be tailored to focus on specific areas of need.

En Garde's unique hands-on approach to technical vulnerability assessments allows us to go beyond a simple network scan and look for risks that would not be found by scripted attacks. Using our unique set of tools, experience, and skills, we have improved the security of countless networks, applications, and servers. Every network is unique and should be reviewed and tested as such. En Garde takes that into account through our manual testing techniques. For all of En Garde's services, details of all work performed, including testing and our analysis of network security conditions, are consolidated into a comprehensive report.

Penetration Testing

A penetration test subjects a network or system to real-world attacks to test and determine the effectiveness of existing controls. "The benefit of a penetration test is to identify the extent to which a system can be compromised before the attack is identified and assess the response mechanism's effectiveness" [from the FFIEC IT Security Handbook]. En Garde follows a standard methodology to look for both known vulnerabilities and configuration issues that are specific to your environment.

Technical Audits

"Auditing compares current practices against a set of standards" [from the FFIEC IT Security Handbook]. Technical audits allow organizations to baseline and track over time the security of the network. En Garde commonly uses the FFIEC IT Security guidelines or the PCI specifications, but we recommend performing the audit against your institution's own guidelines and standards.

Technical Vulnerability Assessments

"An assessment is a study to locate security vulnerabilities and identify corrective actions. An assessment differs from an audit by not having a set of standards to test against. It differs from a penetration test by providing the tester with full access to the systems being tested." [from the FFIEC IT Security Handbook] En Garde's Digital Risk Management and Assessment options extend the scope from a basic penetration test to cover all Digital Risks across the institution.