a

 
 

Security Assessments

In keeping with Connecting Point's commitment to provide solutions that address our customer's needs we have partnered with TraceSecurity, a CUNA strategic alliance partner, to provide independant Comprehensive Security Assesments. Enabling your organization to meet and exceed federal and state requirements. TraceSecurity supports FDIC, FFIEC, GLBA, HIPAA, NCUA, and OCC regulations. Contact us today for more details and pricing.

There are two core parts to the service: Comprehensive Security Assessment and External Penetration testing. There are other addons that include website compliance audit's etc.

 

Comprehensive Security Assessments- Onsite

TraceSecurity Comprehensive Security Assessments provide a thorough examination of your organization's network to determine the adequacy of existing security measures and to identify security deficiencies. An onsite assesment includes one onsite session with a TraceSecurity Engineer to perform components of the assesment. One remote reassessment is provided every 90 days during the term of the agreement.

TraceSecurity Comprehensive Security Assessments is based on Open Source Security Testing Methodology Manual (OSSTMM), one of the most widely-used, peer-reviewed, comprehensive security testing methodologies in existence.

Traditional vulnerability assessments are a snapshot of the organization's network; however, the TraceSecurity Security Assessment program includes use of TraceSecurity Compliance Manager. TS Compliance Manager incorporates TraceAssess, on-demand scanning; TraceAlert, real-time vulnerability notification; TraceComply, compliance and regulation information security review; TracePolicy, a policy tracker for policies, memos and other electronic information, and TraceTrain, an on demand customized awareness training for employees and customers.

TS Compliance Manager allows organizations to continue to scan their own network any time - 24 hours a day 7 days a week - to weed out potential threats and ensure that organizations are compliant with regulations and standards. Additionally, if preferred, TraceSecurity engineers can manage this continued assessment process.

TraceSecurity Onsite Comprehensive Security Assessment includes:

  • Policy Review
  • Policy Awareness Review
  • In-Depth Regulatory and/or Best Practice Review
  • Phone Line Review (War Dialing)
  • External Network Vulnerability Review
  • Internal Network Vulnerability Review
  • Employee Awareness Review
  • Network Topology Review
  • Third-Party Connections
  • VPN & Remote User Connections
  • Wireless Security
  • Security Countermeasure Review
  • Public Records Search
  • Use of TraceSecurity Compliance Manager (with a current subscription)
  • Physical Security Review
  • Network Topology Assessment
  • 3rd Party Service Vendor Analysis
  • False Positive Reduction Assistance
  • Offsite Consultation and Remediation Strategy
  • Core Engineering Team Review of results
  • Website Security Audit
  • Comprehensie Report (includes executive summary and technical reports)

 

Penetration Testing

Evaluate your defenses before a hack

TraceSecurity Penetration Test is a test that mimics the actions of real-life invaders simulating an actual attack and exploiting weaknesses in security without the usual dangers involved. Conducting a penetration test is a valuable tool in evaluating your security and preparing your defenses. With this unannounced security assessment, security vulnerabilities and exposures will be identified and exploited. Various tools are used to gather publicly available information.

Nature of Activities

TraceSecurity Penetration Tests follow documented open-source, standard security testing methodology.

  • Network Scanning
  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Exploit Research
  • Manual Vulnerability Testing and Verification
  • Limited Application Testing
  • Firewall and ACL Testing
  • Intrusion Detection System Testing
  • Electronic Dumpster Diving (Document Grinding)

Project Evaluation and Reporting

The assessment results in an extensive report containing:

  • Executive Summary
  • Business and Technical Risks and Recommendations
  • Penetration Test Methodology
  • A list of vulnerabilities broken down into areas of concern
  • Details and exposure of vulnerabilities
  • Penetrations by areas of concern
  • 'Capture the flag' results and successfully penetrated systems
  • Recommendations and counter measures

 

Demo

Product Demo

Exceed IT Security Requirements

 

IT Proactive

a

VOIP Telephony

a

Automated Remote Backup

a

 

Comprehensive Security Assesment Onsite

Included with CSA-Trace Compliance Manager

External Pen Test

Free-TraceAssure

 
 

 

Copyright © 1994 - 2007 Connecting Point Technologies Inc.

Where IT Sense Makes

Business Sense