Vulnerability Scans and Assessments
# | Service Description | Deliverable |
---|---|---|
1 | Database Vulnerability Assessment: Includes the scanning of databases and is conducted with credentials to provide a full and comprehensive view of the database(s). | Comprehensive Report to identify all potential database security related issues |
2 | External Vulnerability Scan: An external vulnerability scan to look for vulnerabilities on network perimeter or website from the outside looking in. Examine the organization's security profile from the perspective of someone who does not have access to systems and networks security perimeter. | Review customer’s network and firewall policies to gain an understanding of their environment; Conduct external scan to identify vulnerabilities and possible threats; Conduct external scan to identify vulnerabilities and possible threats. Document vulnerabilities and threats found in the customer’s network. Meet with key personnel to review findings and provide recommendations |
3 | Internal Vulnerability Scan: Scans a range of IPs for open ports, patch status, weak passwords, encryption protocols, and application/OS versions and vulnerabilities. | Summary Report and Recommendations |
4 | Security Vulnerability Assessment: This testing process is used to identify and assign severity levels to as many security defects as possible. Includes AD hardening review/assessment, asset detail report, security report card, and a hardware lifecycle review. | Summary Report and Recommendations |
5 | Wireless Network Vulnerability Scan: A comprehensive report that identifies all discovered wireless devices. For each device detected, the report will contain the type of signal detected, the Media Access Control (MAC) address of the device, the wireless channel the device is operating on, what type of security/encryption the device is using, and the Global Positioning System (GPS) location of said device. | Summary Report and Recommendations |
Process, Policy, and Procedural Assessments
# | Service Description | Deliverable |
---|---|---|
6 | Access Control Policies/Procedures: A security documentation service focused on helping agencies design and document system access control processes and procedures that comply with federal guidelines. (CISA) | Summary Report and Recommendations |
7 | Backup and Recovery Strategy Assessment: Discuss the state of the current backup and recovery strategy to ensure their perceived safeguards will perform as intended when needed. | Discussion of customer environment and backup/restore considerations for up to one hour. Written report including the size of backups, retention strategy, cloud hosting requirements and time objectives |
8 | Business Impact Analysis (BIA) System Security: BIA System Security services include the development, update, or review of the BIA to determine the mission/business process and recovery criticality, identify resource requirements, and identify the recovery priorities for system resources. | Discussion, Findings, and Recommendations |
9 | Cybersecurity Policy Support: Assists customers in developing and maintaining information security and privacy policies based on the most recent guidance from legislation, executive orders, directives, policies, regulations, and other technical standards. | Guidance in developing and maintaining Information Security and Privacy Policies. Summary Report and Recommendations |
10 | Disaster Recovery Plan Review: Review to assess how capable the organization is to restore IT infrastructure functionality and access to critical data based on current Disaster Recovery Plan. Service can only be requested following completion of a Disaster Recovery Plan Creation service or upon demonstration of a completed DR plan. | Summary Report and Recommendations |
11 | Foundational Assessment: A questionnaire in the form of an assessment addresses foundational cybersecurity questions to get you started with evaluating your organization’s current cyber posture. The assessment is aligned to both the NIST Cybersecurity Framework and the CIS Critical Security Controls and for those who have not taken other larger assessments before. | Assessment and Recommendation |
12 | IT Asset Management (ITAM): Evaluate whether the organization’s assets are accounted for, deployed, maintained, upgraded, and/or disposed of. Service can only be requested following completion of an IT asset inventory service or upon demonstration of a completed IT asset inventory. | Summary Report and Recommendations |
13 | Log Audit/Monitoring Processes/Procedures Consultation and Documentation: Audit log monitoring processes and procedures consultation and documentation includes a security documentation service focused on helping agencies design and document system audit log monitoring processes and procedures that comply with federal guidelines. | Security documentation service focused on processes and procedures that comply with federal guidelines |
14 | Recommendations and Remediation Plan: Provide recommendations as well as a remediation plan to bring a system up to requirements or suggested levels of security and compliance. | Summary Report and Recommendations |
General Services
# | Service Description | Deliverable |
---|---|---|
15 | Cloud Readiness Assessment: Cloud business review of infrastructure. Discuss the readiness of your infrastructure to move to the cloud; identify gaps in current infrastructure to deliver on your cloud vision; and make aware of changes that will happen from a business perspective. | Discussion; Findings; Recommendations |
16 | Data Breach & PII Liability Summary Report: This is a report summarizing all data breach liability and PII record exposure, which was uncovered during the assessment. | Summary Report and Recommendations |
17 | Data Security Review: Review the effectiveness and efficiency of existing data security processes. | Summary Report and Recommendations |
18 | Email Encryption Assessment: Test for existing email encryption and report on effectiveness of current solution in place. | Summary Report and Recommendations |
19 | Endpoint Security Assessment: Today’s sophisticated attackers are going “beyond malware” to breach organizations, increasingly relying on exploits, zero days, and hard-to-detect methods such as credential theft and tools that are already part of the victim’s environment or operating system. Endpoint security products respond to those challenges with a solution that unifies next-generation antivirus (NGAV), endpoint detection and response (EDR), managed threat hunting capabilities and security hygiene that is cloud-managed. | Review customer’s existing endpoint security strategy; Deploy a limited number of sensors on customer identified endpoints; document vulnerabilities and threats found in the customer’s environment; Meet with key personnel to review findings and provide recommendations |
20 | G-Suite Security Assessment: Identify G Suite security features and application settings for administrator accounts that deviate from security best practices, as defined by Google. Report with actionable remediation recommendations with risk analysis for each recommendation. | Report with actionable remediation recommendations with risk analysis for each recommendation |
21 | LAN, WAN, VPN, and Remote Access Review: Review your current infrastructure, network, and remote access for possible issues and provide remediation recommendations. | Summary Report and Recommendations |
22 | Network Assessment Report: This report provides an overview of critical information with various areas of the network, providing a detailed asset inventory summarizing the current status of the network. | Summary Report and Recommendations |
23 | Whole-Disk Encryption Assessment: Review all machines for whole disk encryption to ensure it is installed, enabled and working as expected. | Summary Report and Recommendations |
Contact
Fax
(617) 626-4411