Security Partner

We want to be your security partner

  1. We live security.  You need to spend your time driving the business, not worrying about the latest risks, laws or compliance mandates. 

  2. Our consultants have all come from different lines of business.  We ensure your business comes first.  Our assessments and mitigations help you balance residual risks against costs.



Information Risk Assessments

Information is the key to driving your business forward. Understanding the people, processes, and technology that interact with sensitive and mission-critical information is vital knowledge for any information security program.

The risk assessment process is one of the most important processes to help an organization manage risk to its information.  Risk assessments ensure the most cost-effective controls are applied to help a company manage risks.

Our risk assessment services focus on information, rather than technology.  We want to ensure that the companies we partner with understand risks and how they relate to their business.

Cyber Protection Services provides risk assessment services utilizing organized and efficient processes.  Our risk assessment process is closely aligned with NIST 800-30 (Risk Management Guide for Information Systems), NIST 800-60 (Mapping Information and Information Systems to Security Categories), and FIPS 199 standards.


PCI Gap Analysis

If you are a merchant of any size, you are mandated to be PCI compliant.  The size of your business will determine the specific compliance requirements that must be met. Note that enforcement of merchant compliance is managed by the individual payment brands and not by the Council; the same is true for non-compliance penalties.

  1. We’ve been there.  Our security consultants have not only conducted PCI gap analyses, but have also been on the receiving end of PCI audits.

  2. We want to be your partner - We will treat your company like family.  Our goal is to create a partnership with you, ensuring you are compliant now and in the future.

  3. We will mentor and provide leadership - We want to educate and inform you.  This ensures your current PCI mitigations and future business decisions put your company in the best position to maintain compliance and minimize risk to cardholder information.


Web Application Penetration Testing


Our Web Application Security Assessment reviews and evaluates the level of risk associated with an application in terms of its web vulnerabilities and the potential disclosure of sensitive information.


The primary goals of this assessment are to:

  1.   Provide a prioritized list of vulnerabilities found with associated risks.

  2.   Provide recommendations and details to facilitate a cost-effective and targeted mitigation approach.

  3.   Create a basis for future decisions regarding information security strategy and resource allocation.


Scope

This assessment methodology includes coverage of the classes of vulnerabilities identified in the Open Web Application Security Project (OWASP) Top 10 for 2010:


  1. Injection

  2. Cross-Site Scripting (XSS)

  3. Broken Authentication and Session Management

  4. Insecure Direct Object Reference

  5. Cross-Site Request Forgery (CSRF)

  6. Security Misconfiguration

  7. Insecure Cryptographic Storage

  8. Failure to Restrict URL Access

  9. Insufficient Transport Layer Protection

  10. Unvalidated Redirects and Forwards

Because vulnerabilities can mask or even enable other vulnerabilities, we comprehensively test the entire application, often requiring credentials for various roles within the application.


Our application assessments also address specific regulatory requirements, such as FFIEC/GLBA, HIPAA/HITECH, and PCI DSS requirements 6.6 and 11.3.2.
