
Our technical evaluation services are designed to examine how effectively a business's key assets are protected from risk by IT security systems, and then to offer recommendations that help clients improve the quality of that protection.
This may involve some of the services outlined in the 'penetration and application testing' section of this website, including build reviews of key servers and network protection analysis.
We will examine the design of network defences: looking to see where firewalls are located, whether they are configured correctly and whether their rule bases are functioning as they should; determining whether there is effective internal network segregation, for example between the parts of the system accessible to staff and the payroll system; reviewing which systems are placed in the Demilitarised Zones (DMZs); and analysing network traffic flows. There should also be an audit of content security processes, that is, of how data is examined as it enters and leaves the organisation's systems. We aim to provide our clients with a clear and comprehensive view of how effectively systems are helping to manage risks, and of any areas where the design and configuration of systems may actually be creating risk.