Every single company, non-profit organization, and government agency with a computer network is at risk from internal cybersecurity threats. While most IT providers offer some type of commoditized external security offering such as firewalls and anti-virus, very few have the resources, knowledge or tools to protect their clients from many types of internal threats.
Our Cyber Security Assessment offers top-end internal cybersecurity services to our customers whose lines of business deal with highly sensitive data and strict IT compliance requirements. Typically, this would be any covered entity in the legal industry carrying customer-sensitive data or in the health care field, any client involved with financial services, and any with an e-commerce site, retail operation, or where financial transactions pass through the organization’s networks. We start by auditing the following areas of risk:
Access Control
✓ Restrict access to accounting computers to authorized users
✓ Restrict access to business owner computers to authorized users
✓ Restrict access to IT-admin-only computers to IT administrators
✓ Restrict users who are not authorized to log in to multiple computer systems
✓ Authorize new devices to be added to restricted networks
✓ Restrict IT administrative access to minimum necessary
✓ Strictly control the addition of new users to the domain
✓ Users should only access authorized systems
✓ Strictly control the addition of new local computer administrators
✓ Investigate suspicious logons to computers
✓ Investigate suspicious logons by users
✓ Only connect to authorized printers
✓ Restrict access to computers containing ePHI to authorized users
✓ Restrict access to systems in the cardholder data environment (CDE) to authorized users
Computers
✓ Changes on locked-down computers or servers should be strictly controlled
✓ Restrict internet access for computers that are not authorized to access the internet directly
✓ Install critical patches for DMZ computers within 30 days
✓ Install critical patches on network computers within 30 days
Network Security
✓ Remediate high severity internal vulnerabilities immediately (CVSS > 7.0)
✓ Only connect to authorized wireless networks
✓ Remediate medium severity internal vulnerabilities (CVSS > 4.0)
✓ Detect network changes to internal wireless networks
✓ Detect network changes to internal networks
The outcome of the Cyber Security & Network Assessment would identify the following risks:
1. Inadequate or no perimeter defense
2. Inadequate patching to prevent vulnerabilities
3. Improper administrative access
4. Improper access to computers with sensitive information
5. Lack of change control leading to rogue users and systems on the network
6. Lack of change control on specific high-value systems
7. Limiting or restricting Internet access on high-value systems
8. Detect and remediate internal network vulnerabilities
9. Identify and investigate suspicious user behavior
10. Compliance-level auditing