Cyber-Security Testing & Assessments

SECURITY CONTROLS ASSESSMENT

An Information Technology (IT) Security Controls Audit consists of a comprehensive review of your technical and non-technical controls. IT Security Control Audits assess an organizations compliance with controls that cover technical, administrative and physical security. An audit validates the effectiveness and implementation of established IT security controls and identifies security controls which have not been addressed. These are just some of the frameworks we see:

  • HIPAA
  • NIST
  • PCI-DSS
  • DOD (FISMA/RMF)
  • FFIEC
  • OWASP
  • CMMC
  • FAA
  • CIS

INCIDENT RESPONSE PLANNING AND ASSESSMENT

Ensure an organized approach to addressing and managing cyber incidents. Minimize damage and reduce recovery time and associated costs.

  • Development of Incident Response plan
  • Assessment of the environment and remediation
  • Recommendations to reduce risk and minimize potential for cyber incidents
  • Half-day to multi-day table top exercises

RISK ASSESSMENT

Comprehensive assessment of your security program.
Services include:

Vulnerability Assessment (Network, Web, and Third Party)

  • Scan of selected systems performed
  • Monthly or quarterly scans available
  • Validation of remediation available
  • Internal, External, or both

Penetration Testing (System, Network, Mobile, Physical and Web Application)

  • Assess the security of the Enterprise Infrastructure by methodically evaluating known and unknown system and service vulnerabilities
  • Performed on single system or across the Enterprise
  • Onsite or via remote, unfiltered VPN access
  • Full and Lite versions available

Social Engineering Exercises

  • Uses weaknesses in human nature to access company information, to gain access to physical facilities, or Enterprise Infrastructure
  • Accomplished through phishing, vishing, impersonation, and exploitation of physical vulnerabilities
  • Phishing Simulation Tool to launch campaign against an organization
  • Customizable engagements and report analytics
  • Onsite or offsite via email or phone/mobile access