Cyber Security Services

If BPM TS is working with you in any capacity, security is always baked into our work. If you have specific security-related needs, we offer many services, including but not limited to the following:

Vulnerability Management

Internal and external network scanning.

Unauthenticated Vulnerability Scan

An unauthenticated vulnerability scan is a process that explores a network or system for vulnerabilities without requiring authorized user credentials. This type of scan examines a target system from an outside perspective and does not involve manual attack methods. By conducting unauthenticated vulnerability scans, businesses can better assess their security risks and identify areas for improvement.

Authenticated Vulnerability Scan

Authenticated vulnerability scans utilize privileged credentials to uncover potential security threats such as weak passwords, malware, configuration issues, and installed applications. By providing greater visibility into a network, authenticated scans help identify what users have access to, allowing for more comprehensive risk assessments. It’s important to note that these scans do not involve manual attack methods. Incorporating authenticated scans into a business’s security protocol can help mitigate potential risks and safeguard against cyber threats.

Security Awareness Training

Basic Phishing Test

Up to 100 users**. This is a free basic phishing test which will produce a PDF report of your users' phish-prone percentage.

Advanced Phishing Test

This is a multi-day phishing attack which utilizes multiple attack methods to obtain user information, credentials and critical data. This attack simulates what a bad actor would perform prior to infiltrating your network.

Social Media Phishing Attack

Many of your users are active on Facebook, LinkedIn, and Twitter. The bad guys use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization’s reputation, or gain access to your network.

Compliance / Audits

CIS Implementation Group 1

CIS Controls v8 defines Implementation Group 1 (IG1) as essential cyber hygiene and represents an emerging minimum standard of information security for all enterprises. IG1 is the on-ramp to the CIS Controls and consists of a foundational set of 56 cyber defense Safeguards. This assessment is commonly used for cyber security insurance “check boxes” and covers the basic needs for a small business.

CIS Implementation Group 2

Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Critical Security Controls (CIS Controls). IG2 comprises 74 additional Safeguards and builds upon the 56 Safeguards identified in IG1. This assessment is more commonly used for medium-sized businesses that are not adhering to other security controls like NIST, ISO, PCI, SOC 2, etc.

CIS Implementation Group 3

Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Critical Security Controls (CIS Controls). IG3 comprises an additional 23 Safeguards. It builds upon the Safeguards identified in IG1 (56) and IG2 (74), totaling the 153 Safeguards in CIS Controls v8. Commonly used for enterprise-sized organizations, or organizations that really value security and want to ensure all Safeguards are in place at the most critical areas of their business.

PCI DSS Gap Analysis

A PCI DSS Gap Analysis reviews an organization’s cardholder data environment (CDE) against the latest version of the Payment Card Industry Data Security Standard (PCI DSS). In-scope systems and networks are reviewed and a detailed report is compiled, showing areas that need attention.

SOC 2 Gap Analysis

A compliance gap analysis, also known as a compliance gap assessment, compares an organization’s internal operations and controls with requirements described in regulations and standards.

HIPAA Audit Assistance

Offensive Security

Unauthenticated Penetration Testing

Looking to safeguard your organization against potential cyber attacks and data breaches? Consider penetration testing – a type of ethical hacking that mimics attacks on your network and systems. This manual process, performed by experts, goes deeper into your environment than automated vulnerability scans and aims to identify exploitable vulnerabilities that may go undetected. Unlike automated scanners, penetration testing experts can spot security issues that are difficult to detect with automated tools. Unauthenticated testing is also available, simulating an attacker without disclosed credentials. With penetration testing, you can take proactive steps towards strengthening your cybersecurity defenses and protecting your business from potential threats.

Authenticated Penetration Testing

Looking to ensure your business is protected against potential cyber threats? Consider penetration testing – a form of ethical hacking that simulates attacks on your organization’s network and systems. The goal of penetration testing is to identify exploitable vulnerabilities that could lead to data breaches. Unlike automated vulnerability scans, penetration testing is a manual process performed by experts who have the expertise to dive deep into your environment to identify security issues that automated scanners may miss. Authenticated testing can even simulate attackers who have obtained user credentials through phishing attacks or other means, including insider threats. By incorporating penetration testing into your cybersecurity strategy, you can proactively identify and mitigate potential security risks, protect your organization’s sensitive information, and enhance your overall security posture.

Defensive Security / Security Operations

IDS / IPS Solutions

WAF Solutions

Assessments

Vendor Management

Risk Analysis / Management

End Point Protection (AV, EDR)