Security Awareness Training
Solve the #1 root cause of data breaches
Phishing Attacks
1 in 14 users are tricked into clicking a phishing link or opening an email attachment
Poor Password Practices
81% of data breaches are caused by weak, guessable and stolen passwords
User Error
Human error is the root cause of 79% of information security failures.
Malicious Software Installation
95% of phishing attacks that led to a breach were followed by some type of software installation (malware)
Social Engineering
67% of users will divulge Social Security numbers, birthdays or employee numbers over the phone
Malware
66% of malware is installed by opening malicious email attachments
Conform to Audit and Regulatory Compliance
The Federal Government (Federal Information System Security Managers’ Act)
The health care industry (Health Insurance Portability and Accountability Act)
Financial institutions (Gramm-Leach-Bliley Act and Sarbanes-Oxley Act)
Publicly-traded companies (Sarbanes-Oxley Act)
Address Security Framework Requirements
– NIST Risk Management Framework (RMF) through NIST SP 800-53 Rev. 4 AT-2
– NIST Cybersecurity Framework (CSF) PR.AT
– ISO/IEC 27001:2013 A.7.2.2
– ISACA Control Objectives for Information and Related Technology (COBIT) 5 APO07.03, BAI05.07
IT Security Risk Assessments
Security Exchange provides Risk Assessments using the following NIST (National Institute of Standards and Technology) 800-30 process.
Define Systems & Scope
- System Characterization
Identify Threats & Controls
- Threat Identification
- Vulnerability Identification
- Control Analysis
Determine Risk
- Likelihood Determination
- Impact Analysis
- Risk Determination
Make Recommendations
- Control Recommendation
- Results Documentation
Network Penetration Testing
Conform to Regulatory or Legislative Requirements
Serves as a third-party validation of threat exposure when performed annually.
Satisfy audit requirements, including PCI 3.x, HIPAA, etc.
Identify and Address Network Vulnerabilities
Identify network weaknesses within your IT infrastructure that may lead to data compromise in the same way that a cyber criminal would, through vulnerability and penetration testing.
Validate internal/external security controls, including protections around high-value systems
Comprehensive Methodology
We approach each penetration test as unique to every organization by leveraging our proprietary tactics guided by top network security experts.
Both vulnerability and penetration tests are designed to demonstrate how an attacker would gain unauthorized access to your systems through vulnerable or compromised in-scope systems and highlight further opportunities from exposed hosts.
Based on these findings, we will provide a customized report including a recommended course of action for both leadership and technical staff.
Access Policy Management System (SMART AMS)
Ensure Audit Compliance
Maintain an audit trail of every access change request and approval performed by users in the application.
Enhanced Workflow Capability
Ability to set up independent workflows for user provisions comprising individual entities,
Complete Customization
Integration with Most Popular Applications and Database Systems,