SekChek

Infobox Software
name = SekChek



caption =
developer = SekChek IPS
latest_release_version =
latest_release_date =
operating_system = Windows, OS/400, UNIX, Netware, MS-SQL
operating_system_desc =
size =
genre = Computer Security and Audit
license = Proprietary
website = [http://www.sekchek.com SekChek.com]

----SekChek IPS is a software and services company that develops automated computer security auditing tools and provides information security assurance services

The company was founded in 1994 by two ex Big 4 audit managers, Gordon Docherty and José Masson. Together they developed computer system auditing and security assessment services to assist IT departments, External Audit firms & Internal compliance and corporate governance departments to assess and benchmark security compliance.

The company maintains their Marketing and Sales office headed up by Andrew Chodelski (VP of Global Marketing), in Charlotte, North Carolina.

The computer security auditing software was designed to support the most commonly used operating systems of the time: Windows, OS/400, UNIX, Netware.
The company maintains benchmarks of computer security performance across 22 industries based on a statistical database of over 50,000 system reviews performed during their 10+ years in existence.
Clients that use their tools and services can compare and benchmark their system security with others in the same industry.

Products & Services

ekChek Classic

SekChek Classic is a family of automated security analysis and benchmarking tools, designed for use by audit firms and their clients. The software measures computer security against international leading practices for security and real-life averages by industry sector. It is intended to provide independent, objective assurance on the effective implementation of operating system security measures on Windows, AS400 (iSeries), Novell and Unix platforms. The package includes graphical summaries and detailed report sections including: identified risks and recommended actions.

The Summary Report highlights the key issues detailed in the security report. It includes an overall rating against leading security practices.

ekChek Local

SekChek Local is an automated security audit tool which scans multiple Windows servers at a time, from any Windows enabled workstation on a network. It creates a security assessment report file immediately on-site which is presented as an Microsoft Access dataset.

ekChek SQL

SekChek SQL is an automated security audit tool which scans multiple MS SQL database servers at a time, from any Windows enabled workstation on the same network. It creates a security assessment report file immediately on-site, which is presented as an Microsoft Access dataset.

Business and markets

The company's website indicates that their products are used by professional clients in 100 countries and that their security benchmarking database contains over 25 million anonymous security measures retrieved from over 50,000 analysed systems. The products and services offered by the company are utilized by computer auditors, security professionals, accounting firms and their clients.

The software was designed not to impact the target system in any way and contains no setup routine, no DLLs installed and no changes to the System Registry or similar configuration data.The software does not require licensing fees and works on a pay as you go system.
The company's firewall policies and configurations are independently audited on a regular basis to provide assurance that they are adequately protected from external intruders.

SekChek has Trademark Approval in the USA.

Criticism

Some clients, with company policies against removing sensitive corporate data, were sometimes concerned about using SekChek Classic. These concerns were dissipated by the introduction of their new SekChek Local on-site reporting tool for Windows

References

[http://www.clickpress.com/releases/Detailed/38496005cp.shtml ClickPress - Unique Security Assessment Tools]
[http://www.networkworld.com/newsletters/nt/2006/0508nt1.html Script Logic]
[http://www.itcinstitute.com/display.aspx?id=4019 SekChek Offers TLS Encryption for Added E-Mail Security]
[http://www.earthtimes.org/articles/show/computer-security-evaluator-sekchek-announces-brand-new-product-for-on-site,317272.shtml Earth Times - On-Site Security Assessments]
[http://www.darkreading.com/document.asp?doc_id=96430 Jennifer Bosavage - New Service Seeks Out Security Gaps - Techweb]
[http://www.itsecurity.com/security.htm?s=17825 Independent Reality Check of OS Security - ITSecurity]

Further Reading

[http://www.windowsecurity.com/software/Network-Auditing Network Auditing]
[http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=16724&TEMPLATE=/ContentManagement/ContentDisplay.cfm IT Audit Basics: Approach to Auditing Network Security]
[http://www.isaca.org/Content/ContentGroups/Member_Content/Journal1/20044/What_Auditors_Should_Know_About_Encryption.htm What Auditors Should Know About Encryption]
[http://www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=59 Use of Computer-Assisted Audit Tools and Techniques (CAATTs), Part 1]
[http://www.theiia.org/ITAudit/index.cfm?act=itaudit.archive&fid=60 Use of Computer-Assisted Audit Tools and Techniques (CAATTs), Part 2]
[http://www.theiia.org/index.cfm?doc_id=5365 The IIA's GTAG 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment]

External links

[http://www.sekchek.com SekChek Home Page]