Prevention

Standards Based Information Risk Assessments

risk
Information Risk Assessments set the stage for establishing the Information Technology ‘Big Picture’. Our Information Risk Assessment process is built around an ISO 17799/27001 based framework, and controls are customized according to business needs (Health Insurance Portability and Accountability Act of 1996 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Financial Services – Federal Financial Institutions Examination Council (FFIEC) & Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP), or the Payment Card Industry Data Security Standard (PCI DSS). Our inquiry will include every aspect of your organization: People, Process, and Technology.

Cyber Security Testing

BorderHawk Cyber Security Testing is a ‘hands on’ effort in which Test Operators attempt to circumvent security features of a system or network based on their understanding of the technical design and implementation. The purpose of a penetration test is to identify methods for gaining access to a system or network by using common attacker tools and techniques. Accordingly, in order to conduct a penetration test, the operator
must first conduct a vulnerability assessment to determine exploitable targets.

*Pricing will vary dependent on size of target environment and the persistence requested for penetration testing (time to break). Consequently, we often scope and price testing engagements on a flat rate per day once we are able to gauge the size of the target environment.

‣ External Network Assessment

Targets: Internet facing systems and devices

Attack Parameters: May include both automated and manual attacks; Will usually NOT include exploitation of any identified vulnerabilities; Password cracking is usually in scope

Restrictions: Attack(s) usually limited to non-business hours

‣ Internal Network Assessment

Targets: Internal network devices, not limited to domain controllers, infrastructure services (WINS/DHCP/DNS), servers, workstations, printers and network devices

Optional: Configuration review of the firewall and internal
Attack Parameters: Unobtrusive system vulnerability scans may occur during business hours; Caution: there is potential for interruption of critical business systems

Restrictions: Internal network assessment will be conducted on-site

Will not include mainframe systems

May include both automated and manual attacks; but will not usually include exploitation of any identified vulnerabilities; password cracking is usually in the scope

‣ Wireless Assessment

Targets: Organization -Campus -Specific Building -or Facility

Attack Parameters: May occur during business hours for unobtrusive scans

Rogue wireless device detection; penetration testing, password cracking usually in the scope

Restrictions: Wireless security risk assessment usually limited to 802.11 technologies

‣ Social Engineering

Attempt to bypass security controls in order to gain access to sensitive areas or information

Targets: Individual – Organization – Campus – Specific Building – or Facility

Attack Parameters: May include physical access, telephone, and email/phishing

Restrictions: Attack may be performed any time

‣ Application Pen Test

Targets: Web-based production application, Internet facing IP address

Attack Parameters: May include both automated and manual attacks

May include attempts to gain access through social engineering

Restrictions: Will usually not include exploitation of any identified vulnerabilities

Password cracking is usually in the scope

Will not include a code review

Detection

Cybersecurity Analytics & Alerting Services

BorderHawk Cybersecurity Analytics & Alerting provides an ongoing awareness of information security, information technology vulnerabilities, and potential threats to support organizational risk management decisions.

By monitoring certain critical computer systems within your environment or analyzing information collected via the Internet regarding your organization, the BorderHawk Team is often able to isolate potential threat ‘indicators’ and extrapolate such knowledge into a proactive indication and warning processes.

We use a variety of proprietary tools to collect information, and then we employ a team of experts to analyze that data in order to reach conclusions about threats to your organization.

Technical Surveillance Countermeasures (TSCM)

BorderHawk can be available to conduct systematic physical and electronic examinations of designated areas in an effort to locate surreptitious eavesdropping devices or security weaknesses and hazards that would allow the compromise of sensitive or proprietary information.

Response

Cyber Incident Response

BorderHawk is available to help you manage all aspects of a breach including subsequent activities. Our experts are experienced in cybercrime investigations and can be available to provide liaison as needed.

In response to a breach, we work with you to:

Limit immediate incident impact to customers and partners
Recover from the incident and return to operations
Determine how the incident occurred
Help assess impact and damage
Determine who initiated the incident and help identify your options going forward
Review existing policies and protocols for adequacy
Review adequacy of other systems security
Develop long-term mitigation plans

Correction

CyberSecurity

Cyber Security Remediation and Mitigation

Discovery of People, Process, or Technology weaknesses (vulnerabilities) is most often made during the investigation of a breach or the result of comprehensive security audit.

Cyber Security Remediation Projects involve correcting vulnerability issues.

Cyber Security Mitigation Projects are designed to diminish the impact, severity, or cost associated with the potential exploit of a vulnerability, especially where the vulnerability cannot be remedied.