Security Audits Recommendations

(Samuel Crisp) #1

Who do you use to audit your network for security and reliability?

We get our annual PCI compliance port check, but we are looking to have an annual audit done to ensure our servers and firewalls are keeping the bad stuff out and that we are observing best practices.

Any recommendations?

(Christopher Harvey) #2

We have used local (to Indiana) companies, so I can’t really recommend a specific vendor, but I can mention what we have done and about how much we’ve paid with 3 different vendors for annual security audits over the past 3 years.
We typically pay $15k-$18k each year for the following:

  • Security Assessment & gap analysis - about $4k
  • Phishing and pretext calling tests - about $3k
  • Penetration test - $5k
  • Internal vulnerability scan (70 production server IPs) - $3k-$5k

Of course, we are an insurance company and must have these done as part of compliance, so it’s possible we are paying a higher rate?

Hope that helps.