Information Security Assessments Regulatory Compliance & Audit Services

CISSP.COM - Security and Compliance from the Boardroom to the S.O.C.

CISSP.COM

Information Security Assessments, Audit and Compliance services.

Security Assessments Compliance Services
 
Compliance & Audit

We help you achieve your NCUA, PCI, FFIEC, HIPAA, FRS, FDIC, OTS, OCIE, FTC Compliance requirements.

 
Security Assessments

We help organizations evaluate and protect information assets and improve business functions.

 
Policy Development & Review

We provide policies and procedures assessments and development services based on your compliance goals.

 
We are your partners

Being vendor independent, we bring a fresh perspective that is setting a new standard in the security services industry.

 

We bring a strong team of experienced information security, technology, audit, governance, risk and compliance professionals to help your organization mitigate risk.

Security Audits

We provide audits and controls testing and reviews to ensure that organizations meet its information security objectives and properly documents those efforts via policies, processes and procedures.

Read More
Security Assessments

Technology alone is not enough to ensure that data remains safe at every point in the organization. Our holistic review uncovers potential risk throughout the enviroment internally and externally.

Read More
Regulatory Compliance

Federal and state laws and regulations, coupled with complex rules established by credit card companies have created compliance requirements that may seem overwhelming to many organizations.

Read More
 

External Network Vulnerabilities Assessment

external network assessment

It is critically important that organizations take a holistic approach to information security. Network security is all about understanding weaknesses and taking the steps to secure those weaknesses.

We provide your organization with a clear understanding of the risks present on your external network and with necessary awareness required to properly secure your organization's externally facing assets and help you move towards superior network security.

External Vulnerability Assessments are the backbone of our perimeter security offerings. Our security experts will run a series of tests to clearly define any vulnerabilities, identify possible threats that the vulnerabilities pose and provide detailed recommendations on how to fix any deficiencies. This provides realistic data and insights that can then be used to secure network equipment and defend against real-life attacks.

 

We offer external vulnerability assessments that are designed to look at the environment from the public view, that is, from the outside looking in. This is one of the first lines of defense for security on most networks.

Process
Our External Vulnerability Assessment service follows the basic process outlined below:

  1. Receive signed vulnerability testing waiver from the organization
  2. Perform passive reconnaissance of the organization's external systems and presence
  3. Determine live hosts
  4. Conduct port scans of all live hosts (all scans will come from a predefined number of external IP addresses during a time that is mutually agreeable)
  5. Conduct vulnerability assessment using vulnerability scanning tools
  6. Verify vulnerabilities using manual scanning and verification techniques to eliminate false positives
  7. Write report of all vulnerabilities including remediation steps
  8. Review report with internal staff

Items Reviewed
The following specific items are covered during the scope of an External Vulnerability Assessment:

  • Firewall Vulnerability Scanning - We will conduct port scanning and vulnerability scans against all provided IP addressees to determine any potential problems.
  • Firewall / Router Configuration - If provided, we will conduct a detailed analysis of the rule-set using industry best practice guidelines
  • Host Vulnerability Scanning - we will scan all available hosts to determine if any vulnerabilities are present. Possible hosts include - VPNs, websites, DNS, etc.
  • War Dial - All the provided telephone numbers will be assessed to determine if rogue modems are available and answering

The External Vulnerability Assessment is typically done remotely and does not require an on site visit in most cases. After the testing has been completed, we will provide your organization with a custom formal report that:

  • Lists all identified weaknesses and vulnerabilities
  • Explains the risks associate with the current network configuration
  • Presents recommendations to increase the security of your external network

Using our Vulnerability Assessment Services, your IT staff can concentrate on maintaining a secure network without investing in expensive security tools and training, or devoting hours to scanning, testing, checking for false positive results, reporting, or maintaining expensive information security experts on staff.

 

For further information on our External Vulnerability Assessment service, please contact one of our sales representatives by calling +1 (727) 210-5204 or by completing our Online Inquiry Form.