Assessment Services


Vulnerability Assessment (External and Internal):

We scan your network perimeter for all known vulnerabilities. We perform these scans “blindly,” meaning that we don’t have any information about your network. The goal is to find, analyze, and confirm ALL vulnerabilities, resulting in a risk-based project plan for mitigation.

 

To scan your internal network, we install a device on your internal switch (after the blind scanning is finished, of course). This device, called the mole, builds a VPN back to our Network Operations Center which then allows us to scan your internal network remotely. Because scanning can be intrusive, we remotely scan your network in off-hours.

 


 

Risk / BSA Assessment:

We will help you develop a customized program for managing GLBA risk, as per FFIEC requirements.  We will leverage existing processes to provide an effective method of abbreviating and sharing critical risk and control information among business process owners.  The deliverables will include appropriate policies, detailed procedures, customized risk assessment tables, metrics, compilation methods, training, and process documentation.  The program will cost-effectively identify, measure, and manage risk arising from information.  A filtering process will be created to notify business process owners of relevant risk and controls in other business processes, resulting in a reduction of redundant mitigating controls, and an alignment of information security practices with IT Governance and overall Business Strategy.

 

Compliance Testing:

In this approach, we interview your management team and several other persons in your organization. We solicit documentation of policies and procedures and then run all submitted information against checklists that we have developed based on the FFIEC guidelines. We then deliver a report with detailed deficiencies noted in policies and procedures as well as suggested remediation. The report includes an executive summary as well as a detailed “policy gap matrix” that applies a risk analysis to each deficiency and establishes metrics that can be used over time to measure remediation (and inherent risk). We can target a policy gap analysis to specific policies or programs, such as Acceptable Use Policies or Vendor Management and/or Incident Response Programs.

 

Compliance Testing:

  • Physical Breach Tests - To test physical access controls and related incident detection and response, testers will attempt to passively breach physical controls, if they exist, and gain access to the network from the inside. We will pose as a member of your network support team, as a telephone repair person, etc. The report describes the attempt and the response at each location and includes a summary report showing the percent of penetration, along with recommendations.
  • Phishing Expedition - To test physical access controls and related incident detection and response, testers will attempt to passively breach physical controls, if they exist, and gain access to the network from the inside. We will pose as a member of your network support team, as a telephone repair person, etc. The report describes the attempt and the response at each location and includes a summary report showing the percent of penetration, along with recommendations.
  • Pretext Calling - This testing may include any or all of the following activities: masquerading as a potential or current customer, masquerading as a vendor, and/or various other methods via the telephone intended to test the company’s security as deemed necessary by Infotex representatives.


 

Compliance Testing:

We provide other vulnerability assessment services, including war dialing, war driving, dumpster diving, telephone attacks, disaster recovery testing, and physical security audits.



Infotex

For Security News and Updates, visit my.infotex.com
