Engage our team to assess your risk exposure, get a clear view of opportunities to strengthen your cybersecurity program, and orient your team with solid procedures and training.
Our team has extensive expertise with each of these practices:
Annual Risk Assessment
Our highly qualified security professionals perform security risk assessments of the information security for your environment. Our security risk assessments are conducted in alignment with the practices enumerated in the current version of NIST SP 800-30 or the specific compliance frameworks required of the business. After collecting and analyzing the information gathered, you will receive a comprehensive report providing a clear picture of the level of risk present within your business. This report will include any vulnerabilities which will be rated as Critical, High, Medium, Low, and Informational.
CMMC Readiness Assessment
Our experienced security professionals will perform a Cybersecurity Maturity Model Certification (CMMC) Readiness Assessment for companies required to follow NIST SP 800-171, and the eventual CMMC framework, against the client environment to address the technical, administrative and physical security controls enumerated in NIST SP 800-171 as well as the current version and expected level required under CMMC. Through a discovery process, we will collect organizational level information, any known security classification guides, asset inventory, critical asset inventory (including CUI and CUI types), policies and procedures, plan of action and milestones (POA&M), and current system security plans (SSP). Your consultant will provide you with a summary response per DFARs with corrective recommendations. If necessary, we can build your company SSP and POA&M as well as provide your SPRS score for submission under the current NIST SP 800-171 requirement.
Network Penetration Testing
Our security experts perform five of the six types of penetration testing: Internal Network, External Network, Social Engineering, Wireless and Physical security. We use a hybrid model of both automated and manual testing methods. Each client network penetration test project is performed by a Certified Ethical Hacker (CEH) and is scoped specifically to your compliance requirement or desired outcome.
Projects including an Internal Network Penetration Test can be executed as an Authorized or Unauthorized test. Our team will provide you with a final report explaining our discovered data, vulnerabilities with high-level remediation recommendations, exploited vulnerabilities and an overview of the tools and methods used during the test. Every company needs to understand which type of penetration test they require if compliance is critical to business operations, or the industries served.
One-Time Internal/External Network Vulnerability Scan
A step towards understanding the technical risks within a corporate network, running a network vulnerability scan will capture a deep level of detail about the current state of network security risks within a business. Our security engineers will capture a cross-section of information about your network, including patching status and possible software misconfigurations.
After collecting and analyzing the information, an Executive Report will be created and then presented to your key stakeholders. Additionally, a more advanced Technical Report will be generated for use by your IT staff to help identify the vulnerabilities discovered with a risk rating of Critical, High, Medium or Low and high-level suggestions for remediation.
Dark Web Monitoring
In partnership with ID Agent, our recurring monthly service actively monitors the dark web for your corporate email accounts. If any are found published on the dark web, we will alert your internal IT points of contact, and if you have a managed security services plan with us, your virtual Chief Information Security Officer (vCISO), taking action and preventing a business email compromise from occurring.
Cybersecurity Training (Delivered Virtually)
For nearly 10 years, we have been providing cybersecurity awareness training to companies of all shapes and sizes. Our virtual training sessions are approximately 90 minutes in length with classroom size limits. The training sessions include four general categories of information; cyberthreat landscape, cyberthreat forecast, threat actor attack techniques, and essentials to avoid being a victim.
Course customization requests will be considered on a case-by-case basis. Our managed security services clients also have the additional benefit of short monthly animated training videos, in partnership with Ninjio, based upon current events to help staff better understand real-world security incidents and how they could have been prevented.
Information Security Policies & Procedures
Every organization needs general information security policies, procedures, an acceptable use policy and a security incident response plan. Having the appropriate plans and policies protects the business and ensures staff members know how to perform their jobs in accordance with security best practices, reducing the risk of a cybersecurity incident turning into a data breach. Our security professionals will coordinate with designated staff to determine the applicable legal, regulatory, contractual, and organizational requirements for security and communications necessary in your business.
We review standard practices in the organization, as well as understand the specific corporate data sources and the impact of data loss to the company reputation and financial risks. We utilize an iterative review process for documentation as well as tabletop exercises for incident response plan training.
Phishing
Our phishing simulation projects are designed to be a point-in-time evaluation of your staff cybersecurity awareness and what risk levels are present. We design, develop and execute educational phishing simulations with the goal of helping businesses clearly identify areas they can improve their user training to prevent a business email compromise. This is one of the most common ways threat attackers break into your corporate network and it’s one of the most cost-effective continuous investments a company can make to reduce their cyber risk.