Canaudit Inc, IT Security Audit professionals providing IT Audit Services to a level of excellence beyond compliance.

IT Security Audit Services

Canaudit provides a variety of IT security audit services and IT security consulting services to help organizations identify and remediate today's top risks. In business since 1985, Canaudit has the unique advantage of over 29 years of experience in the IT security audit industry. With an experienced and knowledgeable audit team and specialized tools, Canaudit completes more work in less time than competing firms.

To request a proposal or inquire about Canaudit's IT auditing services, contact Tamra Savage Jones at tamra@canaudit.com or (805) 583-3723.

Packaged Technical Services

Comprehensive Penetration Testing Service
The Comprehensive Penetration Testing Service is performed on a surprise basis. The intention is to thoroughly test the intrusion detection and response procedures to ensure that security breaches are quickly identified, investigated and contained. Our team also performs a full network vulnerability assessment of the operating systems, databases, network devices, and the data within the internal network. This project also includes an optional external penetration test over the Internet, modem identification and testing, and a wireless security check.
IT Security Assessment
The IT Security Assessment is performed with the knowledge of the IT staff. It is similar to the Comprehensive Penetration Test Service except that the intrusion detection and response procedures are not tested. The first performance of this project sets the baseline, and subsequent tests enable the development of formal metrics to measure enhancements made between test cycles. This project also includes an optional external Internet assessment, modem identification and testing, and a wireless security check.
Network Vulnerability Assessment
The Network Vulnerability Assessment is a condensed, lower-cost alternative to the Comprehensive Penetration Testing Service and the IT Security Assessment. The assessment is performed with the knowledge of the IT staff. The network scope may be limited and does not include the testing of intrusion detection and response procedures. This project also includes an optional external Internet assessment, modem identification and testing, and a wireless security check.

Individual On-site Technical Services

Database Vulnerability Assessment
The Database Vulnerability Assessment will focus on an organization's Microsoft SQL or Oracle database security and the protection and proper configuration of the application and the user environment. The objective will be to ensure that controls are in place over the installation, configuration and security processes of the databases and the servers that support the databases. This project will include a review of the controls over database and user administration, maintenance and change management.
Forensics Analysis
A Forensics Analysis will examine servers, workstations and devices for indications of suspicious and malicious activity. This analysis is performed in a manner which ensures proper chain of evidence should legal proceedings need to be pursued.
UNIX / Linux Security Assessment
The UNIX/Linux Security Assessment will focus on UNIX/Linux security at the Operating System level and the protection of the servers and the user environment. This project will include a full review of security management, system configuration, access controls, and file and directory protection. The project will also include technical verification, including checking the parameters and settings and the security of the UNIX/Linux systems.
Windows and AD Security Assessment
The Windows and AD Security Assessment will focus on Windows Active Directory security, as well as Windows security at the Operating System level. This project will include a full review of security management, system configuration, access controls, file and directory protection, as well as the auditing function and audit event reporting. The project will also include technical verification, including checking the parameters and settings and the security of the Windows Active Directory and systems.
Wireless Assessment
The Wireless Assessment is performed to identify vulnerabilities on the wireless network. The project will include a tour of the client’s facilities for the presence of 802.11a/b/g/n wireless networks, the most common types of WLAN. Other types of wireless can also be tested upon request. A summary of wireless networks identified will be provided to the client as well as a review of their security configurations.

Individual Remote Technical Services

Dial-up Vulnerability Assessment
The Dial-up Vulnerability Assessment is performed to identify modem vulnerabilities on the Client’s phone network. The project will include identifying, testing, and exploiting any unsecured modems. External dial-up intrusion detection and response will also be measured during this project. To ensure that another company is not accidentally dialed or compromised, which can be a felony offense, the Client must provide telephone numbers for testing in an electronic format.
Internet External Penetration Test and Vulnerability Assessment
The Internet External Penetration Test and Vulnerability Assessment is performed to identify vulnerabilities on the Internet-facing systems owned by the Client. The review also determines if an attacker can gain access to a Client's corporate assets remotely from the Internet. This review will be performed remotely from the Canaudit lab. This project includes a full external review of the firewall, web servers, the VPN and DNS, as well as any external FTP servers.
Social Engineering Testing
The Social Engineering Testing gauges staff members' security knowledge by attempting to gain internal network access or confidential information access through anonymous conversations with staff, email phishing, USB drive dropping and other creative attacks.
Web Application Penetration Testing and Vulnerability Assessment
The Web Application Penetration Testing and Vulnerability Assessment tests the security of one web site. The assessment is conducted in two stages. The first stage is performed without knowledge of the client's network or valid authentication credentials. The second stage is conducted with authentication information, provided by the Client, to identify issues that would otherwise not be apparent.

Non-technical Services

Contract Review
The contract review will examine contracts, contract processing and signing authority for key checks, clauses and language that ensure business continuity and limited liability in all events.
Policy and Procedure Analysis
The policy and procedure analysis can review current policies and procedures or help draft new policies and procedures to ensure they address leading IS and IT topics such as social networking, mobile devices, basic system security requirements and more.
