Standards Based Information Risk Assessments
Information Risk Assessments set the stage for establishing the Information Technology ‘Big Picture’. Our Information Risk Assessment process is built around an ISO 17799/27001-based framework, and controls are customized according to business needs (Health Insurance Portability and Accountability Act of 1996 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Financial Services – Federal Financial Institutions Examination Council (FFIEC) & Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP), or the Payment Card Industry Data Security Standard (PCI DSS)). Our inquiry will include every aspect of your organization: People, Process, and Technology.
Cyber Security Testing
BorderHawk Cyber Security Testing is a ‘hands on’ effort in which Test Operators attempt to circumvent security features of a system or network based on their understanding of the technical design and implementation. The purpose of a penetration test is to identify methods for gaining access to a system or network by using common attacker tools and techniques. Accordingly, in order to conduct a penetration test, the operator must first conduct a vulnerability assessment to determine exploitable targets.
*Pricing will vary depending on the size of the target environment and the persistence requested for penetration testing (time to break). Consequently, we often scope and price testing engagements on a flat rate per day once we are able to gauge the size of the target environment.
‣ External Network Assessment
Targets: Internet facing systems and devices
Attack Parameters: May include both automated and manual attacks; Will usually NOT include exploitation of any identified vulnerabilities; Password cracking is usually in scope
Restrictions: Attack(s) usually limited to non-business hours
‣ Internal Network Assessment
Targets: Internal network devices, not limited to domain controllers, infrastructure services (WINS/DHCP/DNS), servers, workstations, printers and network devices
Optional: Configuration review of the firewall and internal
Attack Parameters: Unobtrusive system vulnerability scans may occur during business hours; Caution: there is potential for interruption of critical business systems
Restrictions: Internal network assessment will be conducted on-site
Will not include mainframe systems
May include both automated and manual attacks; but will not usually include exploitation of any identified vulnerabilities; password cracking is usually in the scope
‣ Wireless Assessment
Targets: Organization – Campus – Specific Building – or Facility
Attack Parameters: May occur during business hours for unobtrusive scans
Rogue wireless device detection; penetration testing, password cracking usually in the scope
Restrictions: Wireless security risk assessment usually limited to 802.11 technologies
‣ Social Engineering
Attempt to bypass security controls in order to gain access to sensitive areas or information
Targets: Individual – Organization – Campus – Specific Building – or Facility
Attack Parameters: May include physical access, telephone, and email/phishing
Restrictions: Attack may be performed any time
‣ Application Pen Test
Targets: Web-based production application, Internet facing IP address
Attack Parameters: May include both automated and manual attacks
May include attempts to gain access through social engineering
Restrictions: Will usually not include exploitation of any identified vulnerabilities
Password cracking is usually in the scope
Will not include a code review
Information Security Training
Virtually all Information Security Standards and Regulations require both information security awareness and information security training targeted at all users (including managers, senior executives, and contractors) on an on-going basis.
“Learning is a continuum … it starts with awareness, builds to training, and evolves into education.” (NIST Special Publication 800-16 Revision 1)
BorderHawk has partnered with The Venza Group to deliver Information Security Awareness and Training solutions. Please contact us for more information.
Cybersecurity Analytics & Alerting Services
BorderHawk Cybersecurity Analytics & Alerting provides an ongoing awareness of information security, information technology vulnerabilities, and potential threats to support organizational risk management decisions.
By monitoring certain critical computer systems within your environment or analyzing information collected via the Internet regarding your organization, the BorderHawk Team is often able to isolate potential threat ‘indicators’ and extrapolate such knowledge into proactive indication and warning processes.
We use a variety of proprietary tools to collect information, and then we employ a team of experts to analyze that data in order to reach conclusions about threats to your organization.
Cyber Monitoring Alerting Service (CMAS)
BorderHawk has developed a proprietary, non-invasive process to analyze Internet intelligence associated with our clients. By analyzing client information against Internet intelligence sources, we are able to generate a Cyber Risk Warning Alert directly to you for action.
SfS delivers Security Information and Event Management (SIEM) system source updates for enhanced real-time analysis of security alerts being generated by your network hardware and applications. SfS source updates are developed from intelligence sources dedicated to identifying bad actors currently on the World Wide Web and the Dark Web. Source update information is obtained, scrubbed, de-duped and converted into a single file format that is easily ingestible into almost any SIEM. SfS greatly improves your SIEM’s ability to detect threat activity; this enhancement is especially useful for those clients who are new to SIEM operations or have not been able to develop a mature SIEM operation due to a lack of resources.
Technical Surveillance Countermeasures (TSCM)
BorderHawk can be available to conduct systematic physical and electronic examinations of designated areas in an effort to locate surreptitious eavesdropping devices or security weaknesses and hazards that would allow the compromise of sensitive or proprietary information.
Cyber Incident Response
BorderHawk is available to help you manage all aspects of a breach including subsequent activities. Our experts are experienced in cybercrime investigations and can be available to provide liaison as needed.
In response to a breach, we work with you to:
- Limit immediate incident impact to customers and partners
- Recover from the incident and return to operations
- Determine how the incident occurred
- Help assess impact and damage
- Determine who initiated the incident and help identify your options going forward
- Review existing policies and protocols for adequacy
- Review adequacy of other systems security
- Develop long-term mitigation plans
Cyber Security Remediation and Mitigation
Discovery of People, Process, or Technology weaknesses (vulnerabilities) is most often made during the investigation of a breach or as the result of a comprehensive security audit.
Cyber Security Remediation Projects involve correcting vulnerability issues.
Cyber Security Mitigation Projects are designed to diminish the impact, severity, or cost associated with the potential exploit of a vulnerability, especially where the vulnerability cannot be remedied.