Who is Guarding the Gatekeepers?

Joe Danaher, Vice President Chief Information Security Officer Integrity IT

Vulnerability Assessment must be a key component of your business.



Most companies that suffer a network breach discover it months after the breach occurred.

Integrity IT partners with your existing IT departments to strengthen overall cyber security.

This is a timeless concept from Roman times that has been passed down in popular culture and can be applied to your computer systems and data. Many companies of even modest size and complexity rely on some form of IT to support their computer systems and data. Most companies trust their IT department to have included security as a baseline component of their work. You see Antivirus (AV) on your computer and you know you have a firewall.

You may even have spam filtering for your email and you almost certainly have backups for your data. You trust your IT department to do these things, but how do you verify your IT Security is doing what you think it is doing?

Typically, Vulnerability Assessments are a key component of IT Security verification; however, there is much more to this than simply running a scanning tool once a month. Have you asked your IT department how they verify the security controls they manage? Are your IT security controls configured correctly and doing the job? It is a frightening thought to consider that most network breaches are discovered 146 days after the breach occurred 1*.

The Integrity IT Security Services Team believes Vulnerability Assessments should do much more than provide an automated scan of your network. We also subscribe to the concept that the Security Audit Team should be separate from the IT Department to provide a more unbiased and valuable assessment. We don’t subscribe to a “blame game” mentality and sincerely understand how difficult it is to consistently configure and manage security controls.

The ideal engagement is when Integrity IT is allowed to partner with your existing IT department to validate what is being done and to comprehensively review your security controls from start to finish. Integrity IT will help identify any gaps that exist and provide real steps that can be taken to improve the overall security defenses that protect your computer systems and data.

INTEGRITYKY.COM | 859.253.4284

The approach Integrity IT takes with a Vulnerability Assessment is a comprehensive engagement where we not only perform internal and external network scans but also where we examine existing patching, particularly third-party patching which many businesses struggle to keep current 2*. Integrity IT also compares your policies with what you are doing versus best practices in crucial areas like password management, principle of least privilege, and validation of other security mechanisms implemented at your business.


Let our years of expertise add another level of safety to your business processes.

Integrity IT believes this comprehensive approach to performing a network vulnerability assessment provides actionable information to the IT department and the business management team. Our process identifies gaps that exist in current controls and will detail recommendations on prioritization and actions to close those gaps. We also offer an array of IT Security tools that may fit a particular need so our experience can be further leveraged if you need more than the assessment. Our Security Engineers have many years of experience on both the set-up and maintenance of networks and security as well as going into unknown environments and identifying vulnerabilities. The Integrity IT Vulnerability Assessment also addresses requirements and/or regulations required by HIPAA or PCI that you may need. We have a background in doing both for many years. We provide a “face to face” briefing on conclusion of the engagement and a comprehensive technical report as well as an executive briefing.

Trust but verify.

“Fidete, sed verificate” is a famous Latin phrase: Trust but verify. You trust your IT department is doing their best when it comes to the security of your key computer systems and valuable data. However, when you think about their mission coupled with the rapidly increasing number of threats, it is better to exercise the “trust but verify” axiom. Integrity IT is also a Managed Services Company, but we keep our Security Services department at arm’s length to provide a level of independence between the staff that configures and maintains a network and the staff that assesses and audits the security of that same network. Whether it is a consultation engagement or as a more long-term services provider, Integrity IT Security Services Team is well-prepared to assist you.

Joe Danaher, Vice President Chief Information Security Officer Integrity IT

1* https://www.infocyte.com/blog/2016/7/26/how-many-days-does-it-take-to-discover-a-breach-the-answer-may-shock-you

2* https://www.scmagazine.com/unrelentingrise-in-vulnerabilities-risk-based-security-reports/article/664700/


CONSULTATION SERVICES

Risk Assessment
• Asset Identification
• Threat Identification
• Vulnerability Scans: Internal and External
• Controls Assessment: Physical, Technical, Administrative
• Gap Assessment, Prioritization for Remediation

Business Continuity and Disaster Recovery Planning
• Business Impact Assessment
• Recovery Point Objective: Backup Strategy
• Recovery Time Objective

HIPAA Compliance
• Annual SRA Completion
• Policies and Procedures
• BAA Templates

Employee Security Awareness Training
• Speaker Program
• HIPAA Assurance Web Portal
• PII-Protect Web Portal (non-HIPAA)
• Phishing Campaign (PII-Protect or DUO)

VCISO (Virtual Chief Information Security Officer)
• Establish your Security Vision
• Determine and Prioritize Security Initiatives
• Reduce Risk with Ongoing Security Improvements

Incident Response and Breach Investigations
• Response and Remediation plans
• Communications and Management
• Lessons Learned

SECURITY CONTROLS

Managed IPS/IDS
• Intrusion Prevention System and Intrusion Detection System

Managed SIEM/USM
• Security Information and Event Management System

Vulnerability Scans
• Quarterly and Ad-Hoc Internal and External Scans
• Reporting
• Mitigation Recommendations

Phishing Campaign
• Periodic Validation of Employee Training

Penetration Testing
• Executive Summary and Technical Report
• Single or Recurring Engagement


Encrypted Email
• PII and PHI Requirement

Internet Content Filtering
• Block Malicious Sites
• Help Control Your Internet Bandwidth Use

Multi-Factor Authentication
• Add a Second Layer of Security to Strengthen Access to Vital Systems

Custom GPOs (Group Policy Objects)
• Security Focused GPOs: Account Hardening, Ransomware, Pass the Hash Mitigation


“Integrity’s audit uncovered things we had never considered. Now, when potential clients ask about security, we can not only answer easily, but also provide tangible evidence that our security is near the level required for banking.” – Heather Taylor, Benefit Insurance Marketing

an ame company

INTEGRITYKY.COM | 859.253.4284 3080 HARRODSBURG ROAD, SUITE 104 LEXINGTON, KY 40503
