Whether you must comply with the NERC CIP Reliability Standards (CIP-005-2, CIP-006-2, CIP-007-2), protect the reliability of financial systems, medical information, intellectual property or personal identities, or meet critical regulations, enforceable strong cyber security practices are a market requirement. Effective logical and cyber security programs, electronic security perimeters, log monitoring, password controls, hierarchical permissions, etc. are a must in today’s business environments.
Cyber Security Vulnerability Assessments & Cyber Penetration Testing
The perfect logical/cyber security system was once defined as a system that was never connected or turned on. Since this solution doesn’t fit any of today’s businesses, different real-world solutions are needed. CRSI’s cyber and logical security services are holistic programs deployed along a layers-in-depth philosophy. Our focus is on meeting best-in-class standards (NIST SP 800-53, NIST SP 800-53A, NIST SP 800-115, ISO 27001 & ISO 27002, ITIL) to achieve a defined assurance level.
The above solutions may utilize multiple approaches, ranging from layered, firewalled networks, intrusion detection systems, intrusion prevention systems, strong authentication protocols, automated log monitoring, encryption, automated provisioning and automated policy enforcement to separation of administration, operations and R&D functions. Technical solutions are paired with pre-defined policies, plans and workflow procedures, defined responsibilities and interactive security training and awareness programs.
Our cyber security vulnerability assessments include systems security validation through our credentialed cyber security vulnerability assessment testing/auditing solutions, which focus on a well-defined systems testing model (OSSTMM 3.0) that can include “black box” penetration testing, “white box” cyber vulnerability analysis testing, wireless systems testing and social engineering attempts. These testing modules include: intelligence scouting; network surveying; port scanning; system identification; services identification; penetration testing; internet applications testing; router ACL testing; firewall rules testing; trusted systems testing; containment measures testing; request testing; guided suggestion testing; trust testing; and wireless networks testing. Additionally, our testing uses best practices from NIST SP 800-53A, NIST SP 800-115, ISO 27001:2005 and SCADA Systems Security protocols, and can be formatted to meet PCI Compliance.
While other firms may appear to be similar to Corporate Risk Solutions because they share one or two of our credentials, it is important to note that we surpass our competitors in our knowledge, credentials, and experience with regard to Cyber & IT Security. Here are some of the reasons why more than 50 clients have made the decision to partner with Corporate Risk Solutions:
- Our Cyber Security Vulnerability Assessment Methodology (OSSTMM 3.0) exceeds the criteria of the NERC CIP Standards (as defined in CIP-005-2, CIP-006-2 and CIP-007-2); meets the NIST SP 800-53A and NIST SP 800-115 Standards; and meets the three-tiered approach (Interviewing, Documentation and Technical Testing) as established in ISO 27001:2005.
- Our methodology (OSSTMM 3.0) is referenced under the NIST Standards as an approved methodology.
- Our primary cyber vulnerability screening tool (“SAINT”) is one of only two tools developed in the U.S., is capable of working across multiple operating systems (e.g. Unix, Microsoft, Oracle, etc.), and has been successfully used to test various utilities’ SCADA systems.
- In addition to holding the respected credential “CISSP”, our consultants are highly credentialed in supporting areas that include Certified Ethical Hackers (C|EH), Certified SCADA Security Architects (CSSA), EC-Council Security Analysts (E|CSA), and Licensed Penetration Testers (LPT).
Services Offered
- Cyber Security Vulnerability Assessments
- Cyber Penetration Testing (Black Box, White Box, Social Engineering, Wireless Testing)
- Cyber Security Policy & Procedural Development
- Cyber Security Training & Awareness Programs
- IT Disaster Recovery Resiliency Initiatives
- Electronic Security Perimeter Mapping and/or Design
- IT Computer Forensics
- Cyber Security Audits and Testing
Cyber Security Client Listing
- Aquila
- Colorado Springs Utilities
- CURRENT Group
- JEA
- Kansas City Power & Light
- OGE
- Vestas Wind Systems
- Western Farmers Electric Cooperative
To receive a quote for services and/or to hold a specific date for your project, please call Travis Emerson at 913-322-5404 or contact Corporate Risk Solutions here.