Application Security Testing involves testing the security of an application's authentication, authorization, input validation, and data storage to identify weaknesses that can be used to exploit the application in ways that the designers did not intend.
Cybersecurity Awareness Training covers a broad set of concerns regarding proper handling of sensitive information, removable media, phishing, social media, social engineering, privacy, and acceptable use of IT resources.
External Network Security Testing and Penetration Testing
External Network Security Testing involves scanning public internet-facing assets such as servers, network devices, and websites to discover cybersecurity vulnerabilities.
Governance refers to the task of collecting sufficient evidence to demonstrate that the firm is following its own policies. Compliance is concerned with being able to prove regulatory compliance requirements are being satisfied.
Whereas IS Policy Gap Analysis is concerned with informing strategic planning for Information Security Policy improvement, Information Security Policy Consultation refers to the task of defining and implementing policies.
Information Security Policies are the standard means by which management expresses their expectations about organizational behavior as it relates to meeting certain goals.
Internal Network Security Testing and Penetration Testing
Internal Network Security Testing involves scanning internal LAN assets such as servers, network devices, and web applications to discover cybersecurity vulnerabilities.
A Network Architecture Security Review is a structured investigation into network design and configuration to discern any security flaws. It includes segmentation, firewall rules, VLAN configuration, resiliency, and access control.
Social Engineering and Physical Penetration Testing
Physical Penetration Testing involves pre-approved attempts to gain unauthorized access to IT assets through Social Engineering methods such as impersonation, imposters, confidence tricks, and malicious IT devices.
A Strategic Remediation Plan (a.k.a. Roadmap) lays out desired cybersecurity initiatives in a timeline that reflects realistic project schedules and organizational priorities.