You cannot afford to take chances with your mission-critical technology systems. Plus minimizes your risk and delivers results that positively impact your IT effectiveness.
We take a comprehensive approach in our information security assessments. After determining what drives your business, we use the latest in risk assessment technology to pinpoint vulnerabilities that leave you open to attack and work to repair the issue at its source.
It is no longer enough to carry out an annual risk assessment and plug holes in your network, applications and databases. It is imperative, as part of a larger security strategy, to be able to assess why those vulnerabilities have occurred and work to fix the problem. Plus will conduct the risk assessment, implement a security strategy and work with your company to fix the vulnerabilities in your network.
Our assessment can launch your organization into a true security strategy.
As part of our risk and control process, or as a standalone exercise, Plus offers vulnerability assessment and modeling exercises. Our process enumerates every live host, open port and available service during the assessment timeframe.
We will identify all system and network-based vulnerabilities and focus on areas where a compromise will have the greatest impact and highest risk to your business. During this phase of the assessment, we identify technical vulnerabilities and errant configurations, validate existing controls, prioritize high-risk findings and provide detailed remediation techniques to reduce the risk of your networked systems being compromised.
The result is an accurate point-in-time depiction of your current internal network security posture. This assessment provides a necessary baseline from which to validate information security, program maturity and compliance with corporate and regulatory security requirements, as well as a roadmap for meaningful security initiatives.
Plus works with your organization to identify the penetration test objectives, ensuring an accurate assessment of the organization's security posture without disrupting production networks. Testing methodologies range from providing limited information in order to recreate a hacker profiling your organization to attacking development areas that were created to mirror your production environment. We also look at the social engineering aspects of accessing information from your organization.
The result of the penetration test is an extensive report containing the activities performed as well as recommendations to mitigate the issues that were discovered. These results should be used as part of your overall risk and control assessment, ultimately helping your organization design and implement a corporate IT security strategy.
- GAP to a risk assessment standard (NIST or ISO/OCTAVE)
- Outline of risk and recommendations based on posture
- Audit preparation and mitigation strategies
- FFIEC Guidelines; Gramm-Leach-Bliley Act (GLBA)
- Publicly traded institutions (Sarbanes-Oxley - 404)
- Family Educational Rights and Privacy Act (FERPA)
- Transmitting or storing federal data (FISMA)
- Health organizations (HIPAA)
- Payment Card Industry Data Security Standard (PCI-DSS)
- Export regulations (EAR; ITAR)
- Trading globally (Data Protection Act UK)