An organizations ability to protect, detect, and respond to Cyber threats is only as good as it's documented and implemented Information Security controls.  Having a mature Cyber Security program developed around an established Information Security Policy Framework is key.

During a Cyber Maturity Assessment, we will conduct interviews with your staff, from HR, Compliance, Audit, Legal, Corporate Communications, Information Security, Privacy, Developers, and IT Operations. We will assess the current level of understanding, documentation, and implementation for the various standard Information Security controls.

The type and size of company will determine which Information Security Framework we will assess maturity against.  Small to medium sized unregulated companies may be assessed against the ISO27002 standards, while larger companies that require regulation (Government, Healthcare, Utilities, etc...) would likely require the rigor of NIST standards assessment.

Your corporate infrastructure is typically connected to the Internet in one or more controlled access points. A firewall with specific access rules allows daily business functions like email, file transfer, and Web browsing to be conducted easily, but that level of access also brings risks that must be evaluated.  Every day you hear about hackers gaining access to corporate networks and either stealing data, holding it for ransom, deleting or modifying it with malicious intent.

An External Penetration Test consists of a review of vulnerabilities that could be exploited by external users without credentials or the appropriate rights to access a system.

The assessment will show how well existing implemented security controls, such as firewalls, and intrusion detection and prevention systems, are functioning. As well, an external penetration test will validate whether your Internet facing applications are protected appropriately from external threats such as breaches, denial of service, and/or ransomware.

In this engagement, analysts would take on the role of an external attacker and attempt to exploit vulnerable systems to obtain confidential information. They do this in two phases.  The first phase utilizes automated tools to develop a fingerprint of your applications infrastructure and configuration.  All existing known vulnerabilities will be tested automatically against your Internet facing applications, to determine if you’ve missed applying patches or have mis-configured the environment.  Once this automation has generated its reports, our team will manually attempt several exploits designed to leverage the information leaned to compromise the network perimeter security controls.

The analyst would build scenarios utilizing the compromised system as a pivot point to further penetrate the network infrastructure, to demonstrate the potential impact of a successful compromise. Our methodology is in accordance with best practice standards and incorporates guidelines from OSSTMM, NIST and OWASP. TeamCISO makes use of our extensive experience in penetration testing and security research to uncover previously undisclosed vulnerabilities providing an unparalleled level of security assurance.

A Corporate Website or Client Portal is your face on the Internet.  It is the first place people go when they want to engage with you.  It is also one of the first placec an attacker will go during a their reconnaisance phase. A corporate website or client portal could be attacked, breached, or defaced, to cause reputational damage, or steal client personal data (PII).

Similar to the Infrastructure Penetration test, A Website Application Assessment consists of a review of vulnerabilities that could be exploited by external users without credentials or the appropriate rights to access a system.

The assessment will show not only how well existing implemented security controls, such as firewalls, and intrusion detection and prevention systems, are functioning, but whether the application development team has implemented appropriate application security controls within the code and functions of the website/portal.

In this engagement, analysts would take on the role of an external attacker and attempt to exploit vulnerable systems to obtain confidential information. They do this in two phases.  The first phase utilizes automated tools to develop a fingerprint of your applications infrastructure and configuration.  All existing known vulnerabilities will be tested automatically against your Internet facing applications, to determine if you’ve missed applying patches or have mis-configured the environment.  Once this automation has generated its reports, our team will manually attempt several exploits designed to leverage the information leaned to compromise the network perimeter security controls.

The analyst would build scenarios utilizing the compromised system as a pivot point to further penetrate the network infrastructure, to demonstrate the potential impact of a successful compromise. Our methodology is in accordance with best practice standards and incorporates guidelines from OSSTMM, NIST and OWASP. TeamCISO makes use of our extensive experience in penetration testing and security research to uncover previously undisclosed vulnerabilities providing an unparalleled level of security assurance.

A network vulnerability assessment is a process/tool that we use to identify vulnerable computer and network assets connected to the corporate network.  We would need to impose a network scanning device (one or more) onto the client network with routable access to all corporate subnets.

The scan will identify any and all devices that are logically connected to the network.  Through a series of tests, it will try to determine the operating system and applications installed on the device, and document any known vulnerabilities or mis-configurations found.  

Any software (Applications, Operating Systems, or Firmware) that is at, or beyond it's end-of-life will be flagged.  End-of-life software no longer has vendor provided patches to secure it, and will become an unmanageable risk to the company. 

A network vulnerability assessment can also generate a list of all the network attached assets to validate your Asset Management strategy. 

A cloud based network vulnerability assessment is identical to that run on the corporate network, but instead of placing a scanning appliance on the physical network, we provide a "virtual appliance" to be implemented within the client's cloud infrastructure. Similarly, it would need to have routable access to all of the client's cloud based network assets. 

The scan will identify any and all devices that are logically connected to the network.  Through a series of tests, it will try to determine the operating system and applications installed on the device, and document any known vulnerabilities or mis-configurations found.  

Any software (Applications, Operating Systems, or Firmware) that is at, or beyond it's end-of-life will be flagged.  End-of-life software no longer has vendor provided patches to secure it, and will become an unmanageable risk to the company. 

A network vulnerability assessment can also generate a list of all the network attached assets to validate your Asset Management strategy. 

SaaS... Software as a Service..  or "The Other Cloud"

Most companies, large and small have strongly adopted Cloud based services today, whether they think so or not.  Services such as Office365, Salesforce, Workday, Concur, SAP, DocuSign, Dropbox, Slack... Even communications services such as Zoom, Microsoft Teams, and Cisco WebEx are cloud based SaaS apps. 

All of these services, are merely just software applications running on someone elses computers.  Each of these vendors does their own due diligence to protect your data, however, each of them have a best practice guidance for ensuring that *you* are incontrol of that data and have your "tennant" configured approprriately. 

To assess your SaaS cloud security posture, we must first identify and enumerate all of the various SaaS applications used within the corporation.  Some of this can be easily discovered through the procurement team and billing, but a more effective and accurate enumeration comes from the firewall logs.   Identifying "who" in the company is accessing "which" SaaS apps, and assessing the corporate risk or business importance that each SaaS app holds. 

Once we have identified the various SaaS apps, and their corporate owner/admin, then we will work with them to review the in place security controls of each app against both it's vendor's recommended security best practices as well as any Industry guidance available. 

Industrial Controls Systems are typically segregated onto their own network, and protected from the corporate IT network.  They are the devices, sensors, controls, and monitors, that manage and maintain industrial processes for services such as manufacturing, public utilities, and healthcare to name a few. 

Our team has a specific set of tools and scanning devices to assess the vulnerabilities and mis-configurations existing in these IoT, IIoT, SCADA, and ICS networks.

A network vulnerability assessment is a process/tool that we use to identify vulnerable computer and network assets connected to the corporate network.  We would need to impose a network scanning device (one or more) onto the client network with routable access to all corporate subnets.

The scan will identify any and all devices that are logically connected to the network.  Through a series of tests, it will try to determine the operating system and applications installed on the device, and document any known vulnerabilities or mis-configurations found.  

Any software (Applications, Operating Systems, or Firmware) that is at, or beyond it's end-of-life will be flagged.  End-of-life software no longer has vendor provided patches to secure it, and will become an unmanageable risk to the company. 

A network vulnerability assessment can also generate a list of all the network attached assets to validate your Asset Management strategy. 

Remote Access systems such as VPN, Citrix, and Microsoft Remote Desktop provide unique Cyber Security challenges, not the least of which is user role management. 

Our Remote access assessment will identify *all* users of the remote access systems, and their specific corporate role vs the remote role access provided to them. 

We will assess how you manage authentication, authorization, and privileged access, both for employee/contractors as well as for 3rd party access.

We will evaluate the amount and type of access provided to each role in the remote access technology stack.

We will review the configuration and security controls in place within the remote access infrastructure against both the vendors best practices as well as general Industry guidance.

With the Bronze package, we will provide you with a detailed list of all of the Network-Attached assets, and any Operating Stems and Applications identified on them. 

• Workstations / laptops
• Servers
• Network switches, routers, and Wireless Access points.
• Printers/Scanners
• Voip Phones
• IoT devices

In the silver and gold package, we will work with your procurement team to review the asset procurement process from beginning to end looking for procedural deficiencies. We will review and compare the existing known assets from procurement to those discovered through the network scans and provide a delta map.

In the Gold package, we will also review any other available asset inventories such as firewall logs, active directory logs, endpoint protection consoles, etc to provide a holistic map of those logical assets.

Our Breach Readiness Assessment reviews your organization’s current cyber security practices in and around Incident and Breach management.  We will help you establish a specific plan that addresses the requirements of Board members, technology stake-holders, staff and your technical implementations.

In a study of security breaches in 2015, hacking incidents reached a nine-year high of 37.9%, a jump of 8.4% over 2014 figures. This was followed by employee error/negligence at 14.9%, more than double the 7.2% first reported in 2012.

Accidental e-mail/internet exposure was the third most common source of compromised data at 13.7% followed by insider theft (10.6%), physical theft (10.5%) and subcontractor/3rd party (9.0%). Data on the move was the final culprit, with 7.3% of the reported breaches occurring in this manner, down from a record high of 27.6% in 2007.

Each Breach Readiness Plan is defined in audience-oriented sections with specific pre- and post-breach response activities, goals, logic and values. Plans are reviewed and where plausible, tested by our security professionals. We take into consideration:

• Methods to enhance a forensic investigation including anti-forensic methods and tactics.
• Understanding your critical assets; recognizing the tangible value of digital assets.
• Review and validate business continuity plans.
• Management of supplier access to your systems and services.
• Validation of your e-mail polices.
• Review your Breach Communications Templates.
• The facts, pros and cons of cyber insurance for your organization.
• Strategic plans, timelines and milestones in a cyber breach incident.

A dark web assessment is a comprehensive approach to detecting information such as corporate Intellectual property or Personally Identifiable Information (PII) in the dark and open web that may be  leveraged to launch a cyber attack against your organisation.

Digital credentials, such as usernames and passwords, connect you and your employees to critical business applications, as well as online services. Unfortunately, digital credentials are leveraged by criminals. These credentials are among the most valuable assets found on the Dark Web where it is estimated that over 50% of all sites are used for criminal activities. 

We will use a number of different resources to search for any information available on the dark web about your company, it's executives, and/or board of directors.