
Security Assessments & Online Fraud Prevention Compliance Services

Penetration Testing

Annual and ongoing penetration testing is a security and auditing standard required by regulating authorities such as the FFIEC. A penetration test is used to determine the feasibility of a malicious attack on an organization’s computer system or network and to assess the business impact such an attack would have. The objective is to uncover and evaluate any vulnerability that could put the system at risk. Vulnerabilities, which include system misconfigurations, hardware or software flaws and operational weaknesses, are easily exploited by cybercriminals and put organizations at risk.

Our penetration testing activities will reveal how well your organization’s security policies protect your assets. We’ll begin by performing reconnaissance to identify possible entry points, followed by real-world attempts to intrude on your systems or network. Afterwards, we will report the findings and provide solutions to mitigate the risks.

Our pervasive knowledge of the most current attack vectors, along with our extensive experience in the financial services industry, will provide you with the assurance and freedom you need to concentrate on your business rather than on your security.


Vulnerability Assessment

Today’s threat landscape offers attackers a large selection of attack points in the form of:

  • Open firewall ports for business traffic
  • Web or other servers behind the firewall
  • All applications running internally on the network, including PCs and servers

Spam, phishing, social engineering, malware, Trojans, portable media devices and other methods are commonly used to compromise systems. These cybercriminal threats completely subvert traditional security solutions: firewalls, intrusion detection systems and even previous external vulnerability scans. The attack methods rely on the system being vulnerable in some way. With an average of 20 new vulnerabilities found on a daily basis, it is certainly easier to be a hacker than it is to stay ahead of one.

A third-party opinion that analyzes the security posture of your organization, including exploitable operating systems, services and applications, will help you protect your valuable assets and confidential information against unauthorized access that could have potentially catastrophic and costly consequences. Proper preparation requires that you get the most value from this vital security process. ICI can help you identify vulnerabilities in your network infrastructure.


Social Engineering and Physical Security Test

In a social engineering attack, an individual with malicious intent uses human biases to manipulate targeted victims in order to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be an employee, vendor or business partner, and may even offer credentials to support that identity.

Social engineers use a variety of deceptive tactics, including pretexting, phishing, baiting and hacking, to engage an unsuspecting victim and con them into divulging information or performing actions that will give the attacker access to an organization’s network. If an attacker is not able to gather enough information from one source, they may contact another source within the same organization and rely on the information from the first source to add to their credibility. Unfortunately, many companies do not prepare their staff for this type of deception.

To help you train your staff to spot and avoid the tactics of social engineers, we provide comprehensive Information Security Awareness training through our web-based, on-demand portal.

As a follow-up to our Information Security Awareness training and to ensure your staff is prepared for social engineering attacks, our Social Engineering and Physical Security Test includes the following types of tests:

  • Telephone impersonation
  • Email phishing
  • Trojan and virus testing
  • Onsite impersonation
  • Website subversion
  • Camera placement testing
  • Key access & management control testing
  • Clean desktop testing
  • Overt suspicious activity testing
  • Physical penetration testing
  • Dumpster diving and document destruction testing

Business Continuity Planning

Business Continuity Management (BCM) is not just about disaster recovery and crisis management. It presents you with an opportunity to review the way your organization implements its processes, to improve procedures and practices, and to increase organizational resilience to avoid interruption and loss. Our BCP program will help you keep your organization up and running through interruptions of any kind. Our services are divided into the following three distinct phases: Business Impact Analysis, Strategy Evaluation and Selection, and Business Continuity Plan Documentation.



Phase I: Business Impact Analysis

We will review your organization’s existing business continuity capabilities and analyze all information obtained, including the financial and operational impacts of disruption, recovery functions and time frames, and the required resources for business continuity. The BIA involves the following areas:

  • Evaluate the risk of business process failures
  • Identify critical and necessary business functions/processes and their resource dependencies
  • Estimate the financial and operational impacts of disruption and the required recovery timeframe for these critical business functions
  • Assess the effectiveness of existing risk reduction measures

Phase II: Strategy Selection

We will recommend improvements to your infrastructure to strengthen your ability to support the needs identified in the Business Impact Analysis. This phase is intended to identify your recovery approach for existing processes, technology infrastructure and facilities, along with the maximum acceptable recovery timeframe requirements, and includes:

  • Identifying a range of specific recovery strategies to address interruptions of production processes.
  • Identifying the computing resources required to recover the various distributed processing environments.
  • Documenting alternative recovery strategies within a Recovery Strategy Selection report.

Phase III: Business Continuity Plan Documentation

In this phase, we will assist in the creation of your Business Continuity Plan. The plan will address the following issues:

  • Emergency notification and disaster declaration procedures
  • Recovery team procedures
  • Facility and business restoration procedures
  • BCP testing and maintenance cycle
  • Appendices for master contact lists, equipment inventories, connectivity schematics, etc.