To provide reasonable coverage in a limited amount of time, our review covers six different threat vectors:
Network Threats are those that are commonly envisioned when thinking about information security. These threats typically come from the Internet or other untrusted networks and are addressed through control of your network traffic.
Web Attacks are much like network threats, but are “pulled” by your own people, rather than “pushed” by attackers. Web Attacks must be accessed, typically through a web browser. Web Attacks often require tricking one of your employees in order to be successful. In today’s online community, social media has become a prime target.
Malware is a shorthand term for “malicious software.” This threat is often given names like “virus,” “worm,” “trojan,” “spyware,” “adware,” or “bot,” but the technical details distinguishing these from one another are less important than the impact they can have upon your business, which can be extreme and directly focused on your bottom line.
Application Control and Patch Management refers to how you manage the growing number and versions of applications on your network. Application control issues range from the simple, like removing unneeded applications, to the complex, like defining ongoing patch and version requirements needed to manage the software and hardware on your network.
Data Loss events are those that keep many owners awake at night. The data on your systems is typically a combination of sensitive internal information and custodial information stored on behalf of your clients and customers. If you lose control over this information, your competitors can gain advantage or your customers can leave. In worst-case scenarios, there can also be hefty fines from regulatory bodies.
Trust is necessary in all organizations. However, it can be abused. It is important to identify where your trust relationships exist and what could happen if they are taken advantage of. This allows you to define a detection and response process and minimize the cost of a breach of trust.
What you can expect
Interview – First, we need to meet, either in person or via the phone. This process seldom takes more than an hour. Having performed several hundred consultations, we have developed a specific set of questions that help us understand your company and identify potential security issues.
Analysis – Next, we analyze your interview data against the six threat vectors and identify the strength of your organization’s defense.
Strategy – Finally, we create a strategy document that details ways you can boost your lines of defense. We take into account issues specific to your industry, such as HIPAA and PCI compliance concerns, as well as issues related to your corporate structure. Small and large businesses often require different security postures because their threats and resources differ. The end result is a document tuned to your needs that is packed with detailed information about potential security vulnerabilities, compliance issues and specific advice on how to address these security concerns.