CYBER SECURITY

 Our highly qualified security professionals perform security risk assessments of the information security for your environment. Our security risk assessments are conducted in alignment with the practices enumerated in the current version of NIST SP 800-30 or the specific compliance frameworks required of the business.  After collecting and analyzing the information gathered, you will receive a comprehensive report providing a clear picture of the level of risk present within your business. This report will include any vulnerabilities which will be rated as Critical, High, Medium, Low, and Informational. 

 Our experienced CMMC-AB Registered Practitioner security professionals will perform a Cybersecurity Maturity Model Certification (CMMC) Readiness Assessment for companies required to follow NIST SP 800-171, and the eventual CMMC framework, against the client environment to address the technical, administrative and physical security controls enumerated in NIST SP 800-171 as well as the current version and expected level required under CMMC.  Through a discovery process, we will collect organizational level information, any known security classification guides, asset inventory, critical asset inventory (including CUI and CUI types), policies and procedures, plan of action and milestones (POA&M), and current system security plans (SSP). Your consultant will provide you with a summary response per DFARs with corrective recommendations. If necessary, we can build your company SSP and POA&M as well as provide your SPRS score for submission under the current NIST SP 800-171 requirement.   

Our security experts perform five of the six types of penetration testing: Internal Network, External Network, Social Engineering, Wireless and Physical security. We use a hybrid model of both automated and manual testing methods. Each client network penetration test project is performed by a Certified Ethical Hacker (CEH) and is scoped specifically to your compliance requirement or desired outcome.

Projects including an Internal Network Penetration Test can be executed as an Authorized or Unauthorized test. Our team will provide you with a final report explaining our discovered data, vulnerabilities with high-level remediation recommendations, exploited vulnerabilities and an overview of the tools and methods used during the test. Every company needs to understand which type of penetration test they require if compliance is critical to business operations, or the industries served.