Search for red flags in compliance with PCI DSS, SOX, GDPR, HIPAA, Habeas Data, and ISO27001.
Analysis, reporting, and administration of user profiles, power users, and elevated access privileges.
Incident lifecycle analysis, including detection, triaging, containment, and remediation.
Methodological approach to risk evaluation and management.
Enablement and learning program for InfoSec awareness aimed at each hierarchical level.
Find and document where critical information is located, and propose how to protect it.
Analysis to establish operational and financial impacts of business disruption.
Build the plan to follow during a business disruption, including digital and analog processes.
Build the plan to follow after the business disruption is mitigated, complementing the BCP.
Known security vulnerability prioritization, correction, mitigation, and reporting.
Scans and analysis for publicly known vulnerabilities in packaged software and hardware in use.
Periodic search in logs and alerts for signs of unauthorized access to digital assets and physical networks.
Break-in tests into your network, including a PenTest to find vulnerabilities and areas of concern.
Test the security awareness of your business teams using phishing and other social engineering techniques.
Web and application source code analysis in search of security gaps and vulnerabilities.