Information is one of your organization's most important assets. A strong information security posture helps your organization reduce levels of strategic and tactical risk, gain competitive advantage, protect its reputation and improve the bottom line.
The ever-growing complexity of enterprise IT environments continues to push the limits of internal security teams. Satisfying the requirements of your organization's objectives, as well as those of various stakeholders such as the payment card industry and international, state, and federal regulators, to deploy and support new IT assets is challenging enough without having to manage an evolving set of security weaknesses within those systems.
igxglobal's Threat Mitigation Division can help you achieve compliance with regulatory requirements (e.g., ISO, PCI-DSS, PA-DSS, HIPAA, SOX404, state and federal laws), understand your current information security posture, and discover and remediate potential vulnerabilities and weaknesses.
Our Audit and Assessment services, combined with our technical vulnerability testing, provide you with a complete picture of your current information security posture and practical recommendations to mitigate identified issues, helping you avoid possible penalties and fees associated with regulatory non-compliance and bolster your organization's efficiency and effectiveness.

Policy and Procedure Review
Active Social Engineering
Third Party Oversight Review
System Inventory and Documentation Collection
Physical/Environmental Security Review
Personnel and IT Staff Training and Awareness Review
Internal Vulnerability Assessment
Host/Network Diagnostic Review
Access Control Review
Data Flow and Network Usage Analysis
Wireless Network Security Analysis
Testing of Deployed Security Measures
Monitoring/Response Process Assessment

Copies of notes, raw data, and raw logs collected during the course of the assessment
Summary of what information needs to be protected and the implications if it is damaged or lost
Recommendations for addressing data flow and network usage security issues
Summary of an organization's monitoring and response program and its effectiveness on outside sources
A risk rating of existing vulnerabilities and exploits
Summary of security measures in place and their effectiveness in securing the network and minimizing intrusions and vulnerabilities
Identification of network security best practices and of the technology, policies, etc. needed to provide a secure environment
Details on all client systems connected to the networks that are discovered in the course of the engagement, including all information discovered about those systems (e.g., operating system, available services, version information)
Recommendations for enhancements to overcome potential physical vulnerabilities
Recommendations for heightened awareness and additional training
Details of all security findings and existing vulnerabilities, including a detailed analysis of the vulnerabilities, the potential risk they present to the systems and the network, and regulatory compliance
A prioritized list of vulnerability mitigation recommendations rated from high to low
Identification of network strengths and areas for improvement, correlated where appropriate with affected regulations
Cost analysis for mitigation steps to improve security