January 20, 2012

Infrastructure Security

As malicious attacks rise rapidly in both complexity and frequency, enterprises have been forced to take steps to guarantee a strong security posture. A proven way to accomplish this is by conducting regular security assessments.

Force 5’s experts work with you to assess your policies, processes, and technologies to identify weaknesses, categorize risks, and recommend improvements. Our assessments help fortify your environment and improve compliance with industry regulations.

Force 5’s security professionals combine proprietary and industry-leading security assessment tools with in-depth analysis of vulnerability data to evaluate your organization’s vulnerabilities and overall security state including:

• Security policy gap assessment: Assesses the gaps between current security policies and best security practices.

• Penetration testing: Simulates covert and hostile network attacks to identify specific vulnerabilities in the protection of your organization’s sensitive data. A penetration test results in a clear picture of your organization’s security condition, as seen from the perspective of an outsider, such as a potential hacker.

• Application security assessment: Provides a review of your custom applications to determine security weaknesses and recommend methods to remedy those weaknesses. Your applications house much of your organization’s critical data — from customer information to human resources data to intellectual property — yet application security is often overlooked as part of an overall security plan. Security holes in Web-based and other custom applications in particular create opportunities for attackers.

• Regulatory compliance gap assessment: Identifies the gaps between existing security and compliance with government and industry regulations that require security assessments. Regulations that can be addressed with this type of assessment include:

o Sarbanes-Oxley (SOX).
o Health Insurance Portability and Accountability Act (HIPAA).
o Gramm-Leach-Bliley Act (GLBA).
o Federal Information Security Management Act (FISMA).
o Federal Financial Institutions Examination Council (FFIEC).
o Supervisory Control and Data Acquisition (SCADA).
o Payment Card Data Security Standard (PCI DSS).

Choosing the right vendor for assessment services will make all the difference in the validity and effectiveness of the assessments. While many vendors may be able to ascertain where weaknesses exist in your security program, only Force 5 will be able to uncover the problems through:

• Use of a best-practices methodology
• Ability to address the entire security life cycle
• Integrated security intelligence — able to discover new threats even before they emerge and design ways to deal with them before they become real problems
• Utilization of proven assessment tools and techniques
• Quality deliverables designed to provide actionable recommendations