Your IT is as strong as its weakest asset
Which one is right for my organization?
If you are proactive about your health, you get a health check done regularly. Similarly, it is recommended that every company get an overall security assessment done every 6-12 months, as systems and policies change constantly.
Security is complicated, so we have broken it down into the following pieces of the puzzle.
Risk grows exponentially with time. Now is the right time to take action.
Cyber Security Awareness Training
Security touches everything in life today. This course is designed for everyone, from sales, marketing, HR, doctors, lawyers, to IT.
We make this fun!
It is full of practical, real-life scenarios with demonstrations, screenshots, interaction and donuts! This course is meant to open your eyes to how easy it is to fall prey to Cyber Criminals. We will demonstrate hacker techniques and educate on the basics of how to protect yourself, without jumping into any advanced topics.
- 2 hours on-site presentation (or web conferencing)
- Focus group of up to 15 individuals per session
- Training follow-up: Short monthly emails to refresh important topics for 12 months
Everyone is vulnerable. Let us help you secure your greatest asset.
Ethical Hacking/Penetration Testing
The best way to assess your security is to put it to the test.
No car manufacturer will sell a vehicle without a crash test. A penetration test is the logical next step. It will show how effective your strategy is against attackers. Without it, you are just guessing and hoping for the best.
Penetration Testing (pentesting or Ethical Hacking) is the act of gaining access to a network, much like a hacker would, by exploiting security vulnerabilities. The attack can be performed from internal or external positions. The goal is to gain sensitive information, as in a real data breach, and to determine the effectiveness of security investments against a controlled and simulated attack.
- Web Application penetration testing
- Wireless penetration testing
- Internal Pentesting
- External Pentesting
- Telephony or VoIP penetration testing
- Social Engineering testing
- Spear Phishing Campaigns
- Vishing (voice/phone)
- Physical penetration testing
- Validation of 3rd party assessment results
The results are used to re-assess your security plans and develop strategies to mitigate such attacks.
A Vulnerability Assessment takes a broader approach and identifies risks and vulnerabilities and how to mitigate them. Primary tasks include:
- Device Discovery
- Scanning for known vulnerabilities in systems, services, protocols, OSs
- Open Source Intelligence (OSINT) gathering
- Catalog resources & categorize the threats and risk
- Identify False Positives
- Identifying security holes and vulnerabilities
- Analyse information security posture
- Security Assessment Report
- Identify sensitive data that may be at risk of being compromised
- Investigate potential business impact
- Evaluation of Risk
- Investigate and develop remediation strategies
- Prioritization of vulnerabilities
- Explanation of weaknesses
- Security Roadmap
The results highlight the gaps and weaknesses and feed a remediation plan on how to mitigate those threats or bring them down to an acceptable level of risk.
This assessment checks whether an organization is following a set of standard security policies or procedures defined in either security frameworks or compliance standards.
a. Security Frameworks
There are a number of major industry-standard security frameworks: CIS 20, NIST CSF and ISO 27001.
To develop a strong foundation and roadmap for a secure infrastructure, we help organizations identify these security controls, and assist in planning and implementing security best practices.
The quickest way to get started is by adopting the CIS Controls (the Critical Security Controls for Effective Cyber Defense, published by the Center for Internet Security).
b. Compliance Checks
HIPAA Compliance Check
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for the protection of Electronic Protected Health Information (e-PHI) that is held or transferred in electronic form using Electronic Health Record (EHR) applications.
The Security Rule and Privacy Rule address the technical and non-technical safeguards that organizations must put in place to secure individuals' e-PHI.
We will assist organizations in going through the requirements that help to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.
We will help identify any gaps and advise on remediation steps as needed.
PCI DSS Compliance Check
The Payment Card Industry Data Security Standard (PCI DSS) sets the requirements for organizations and merchants to safely and securely accept, store, process, and transmit cardholder data during credit card transactions, in order to prevent fraud and data breaches.
We will go through the compliance checklist and report on how the organization scores, where it falls short and what the remediation actions look like.