CynergisTek bundles several technical services to offer a Baseline Security Assessment over a 90-day period. This is an assessment to identify security gaps without conducting the HIPAA risk requirement. Many organizations find this type of security assessment helpful during the merger and acquisition process, to have a third party conduct a security assessment on behalf of the organization that is being acquired.
This assessment will evaluate the overall security posture of the enterprise from the perspective of an anonymous source on the Internet. Our methodology starts with a process called “fingerprinting,” during which time we review public sources of information (such as the network registrars, DNS servers, email servers, routing tables, public special interest groups, etc.) to evaluate potential information available for an anonymous attacker to start an attack. We then perform technical testing to identify data on open ports and vulnerabilities. We will provide you with findings and recommendations, and we offer a project-based, prioritized view of remediation steps.
CynergisTek assesses the maturity of various components of an enterprise’s information security program during this assessment. The process starts with requests for network diagrams and device configurations (routers, switches, firewalls, etc.), which we evaluate against common security holes, misconfigurations, and vulnerabilities associated with network design and configuration management practices. We interview stakeholders to evaluate security controls around technical and functional areas of your security program and how they relate to the risk management process.
The Wireless LAN Security Validation is designed to serve as an audit-style verification of information collected during the Architecture Assessment interview process as it relates to implemented security controls on the wireless LAN compared to industry best practices. Our goal is to identify and document wireless access points that will grant access to a particular network and any of the specifics associated with that network. During the course of conducting the Wireless LAN Security Assessment, CynergisTek will look for and enumerate access points that grant access. The data collected during this portion of the engagement feeds into an overall risk management process. Any relevant findings will be provided against current best practices in deploying wireless LAN technology.
The Information Security Program Assessment evaluates the administrative controls governing the information security program as a whole. CynergisTek will conduct a thorough review of information security policies and procedures, interview staff and review physical controls to identify your organization’s compliance status with an applicable framework such as NIST, PCI, HIPAA, ISO, FISMA, FERPA or the HITRUST CSF.