Vulnerability Scanning

 

Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning

 

Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring

 

We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

ISO 27001 Readiness


Companies require a resource to guide and assist with preparation and readiness for ISO 27001:2013 certification. This resource would need to do the required internal auditing since most companies do not have an independent resource today that is also competent per the standard definition. The desired assistance would be able to accelerate progress, provide guidance on best practices, and do the legwork as needed such as working with functional groups on procedures or assisting in the risk analysis and associated documentation. Our engagement will assess whether business and IT general controls including the plan of organization, policies and procedures, standards of performance, and/or records and reports, adopted by management are adequate and effective and comply with ISO 27001:2013 requirements.

Phase I – Planning

We will determine the audit scope utilizing the ISO27001 Principles:

  • Leadership
  • Planning
  • Support
  • Operations
  • Performance Evaluation
  • Improvement

We will utilize the ISO27001-provided template, Reference Control Objectives and Controls, in conducting our review.

Phase II – Assess Readiness & Controls

In Phase II, we will utilize our knowledge gained from Phase I to assess the existence and strength of each of your respective procedures and controls. We will request a minimum sample of evidence and perform specific tests to ensure that each documented control exists.

Phase III – Gap Analysis

We will generate a detailed gap analysis of your technology and operations control environment using the information generated in prior phases. Our gap analysis will consider the current state of controls and will identify weak or missing controls necessary to achieve an ideal state of a controlled environment. Our gap analysis will provide crucial information required to maintain a strong control environment, with the ultimate goal of achieving ISO 27001:2013 certification.

Potential high-risk areas that may result from our gap analysis include:

  • Poor security and access controls resulting in unauthorized access to confidential data and potential data leakage.
  • Lack of Information Security Policies and Procedures resulting in inconsistent implementation of security and access control and existence of vulnerabilities.
  • Poor governance practices resulting in systems that do not meet business requirements.
  • Ineffective System Development Life Cycle resulting in untested and undocumented applications in production.
  • Poorly designed processing controls resulting in inefficient processing, manual workarounds and inadequate controls.
  • Inadequate application and infrastructure maintenance, upgrade and testing procedures resulting in outages or application errors.
  • Insufficient backup and restore processes resulting in potential data loss, or application downtime.
  • Lack of documented and tested Business Continuity and Disaster Recovery plans resulting in the inability to deliver services in event of disaster.