Certified professionals are ready to help you manage your information security. We can help you better secure your IT operations so that the business runs well and can flexibly support innovation, growth and change while keeping your assets and applications secure. Our cyber security expertise is focused on four core areas:
EXTERNAL security assessments evaluate the overall security posture of the enterprise from the perspective of an anonymous source on the Internet. They focus on services that the enterprise makes available through its perimeter across the Internet. We start with a process called "Fingerprinting," where we do reconnaissance on the target organization by reviewing public sources of information (such as network registrars, DNS servers, email servers, routing tables, social media, etc.) to evaluate what information is available for an anonymous attacker to gather as a basis for starting an attack, or which reveals an alternate route that might exploit a non-technical weakness.
INTERNAL security assessments differ from external assessments in that their goal is to evaluate the overall security of the organization against potential attacks from “insiders,” other trusted parties or an attacker who has already successfully penetrated the perimeter of the organization. The goal is to evaluate, from a technical perspective, the various components of an information security program. We start with requests for network diagrams, device configurations (routers, switches, firewalls, IDS/IPS, DLP, etc.) and policies (server patching process, etc.), which we evaluate against common security misconfigurations and vulnerabilities associated with network design and configuration management practices.
CLOUD Application Security Assessment: as more and more vital data is stored in web applications and the number of transactions on the web increases, proper security testing of web applications is becoming very important. The purpose of the Cloud Application Security Assessment is to discover the vulnerabilities of the web application so that the developers can then remove these vulnerabilities from the application and make the web application and its data safe from unauthorized actions. Against this ever-evolving threat, the assessment reveals vulnerabilities such as URL manipulation, SQL injection, XSS (Cross-Site Scripting) and a host of other common attack types.
INFORMATION security program assessment (ISPA) is an evaluation of the organization’s administrative controls governing the information security program as a whole, using the ISO 27001 standards. iSphere conducts a thorough review of information security policies and procedures and interviews key stakeholders, technical staff, and end users. In advance of the data collection, a detailed interview schedule including topics/focus, approximate durations, and target attendees is developed; it serves as the basis for the itinerary while our consultants are on site conducting the data collection phase of the assessment.
Whether you have regulatory compliance needs, or would like to have an independent third party assess your security posture, iSphere professionals can help you.