Working with you to manage your cyber risk

eCommerce Risk assessments

eCommerce Risk assessments can identify risks around your eCommerce processes before they can be exploited. eCom sites are in the front-line for global attacks and are often vulnerable to determined attackers. This service will accurately profile the current level of IT risk exposure for the business and the brand and provide recommendations to reduce risk.

  • Assess IT risk of an eCom platform to the business
  • Identify any regulatory or compliance issues
  • Identify opportunities to reduce IT risk and address compliance issues

Attackers focus on eCom sites because, historically, they’ve been easy prey and the attacks easy to monetise. Weak infrastructure controls, inadequate patching and poor awareness of what is ‘risky’ from an IT point of view have facilitated many attacks.

With many years of experience of evaluating eCom site security through eCommerce risk assessments, penetration testing and prioritising remediation activities, Prism Infosec is ideally placed to offer this short and competitively priced eCom Risk Assessment Service.

The Service is designed to be delivered in less than a week, with an on-site visit to discuss with the eCom teams or third parties:

  • Platform/technologies in use (hosting, network and software)
  • Effective management of any third parties
  • Resilience of eCom platform
  • Sensitive data stored, processed or transmitted, compliance obligations
  • eCom code and content development, testing and deployment
  • Logging/monitoring, testing and assurance

The main deliverable is a short report highlighting the areas of IT risk identified and prioritised, with pragmatic recommendations for reducing this risk.

A further optional on-site presentation of the key findings and recommendations can also be provided, if required, which can facilitate interactive discussion of key points with internal teams.

Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to set up an initial discussion.


Frequently Asked Questions

No, but travel time and expenses are charged at cost.

We’ll need to speak to anyone involved in the hardware, software or network infrastructure of the eCom site. Typically, the team or third party developing the eCom site code would be a key part of the process. Teleconferences can be arranged for remote teams.

Yes, focused assessments have been carried out for a more detailed analysis of specific areas such as resilience or the processing of customer card holder data. The scope of the review can be narrowed down if required.

Yes, the assessment is done by qualified PCI QSAs with many years of PCI experience.

No, it’s not a formal Risk Assessment which evaluates risk against an organisation’s risk appetite (although a formal RA can be offered if that’s preferable). This assessment is focused more on identifying residual risk in an eCom business.

This service is a more holistic look at ‘the bigger picture’ and not just a physical test. Practical vulnerabilities can be found in people, process and procedures as easily as software and are often not identified until they are exploited.
