Our Security Assessments at a glance:

• Custom testing tailored to your business operations

• Department-specific process reviews

• Vulnerability identification and remediation

• Network, server, firewall, and workstation testing

• Threat scope and compliance discussion

Schedule a Security Assessment before it’s too late!

Not Just a Report, But a RoadMap

The best testing in the world means nothing if you don’t get actionable, easy to understand information from it.

That’s why every JSCM Group Security Assessment report is handwritten with a detailed breakdown of your organization’s strengths and weaknesses. We grade the various aspects of your network on our scale, then provide you with a roadmap on what to fix, how to fix it, and how severe the issue is. What you end up with is a full, detailed plan on how to protect your organization from threats.

The information we find will be presented to you as a: 

• Report on All Items Found During Testing

• Presentation on State-of-Security to Management and Executives

• Report on Business Process Assessment and Recommendations

• Remediation Listings for All Identified Weaknesses

• Report on Social Engineering Vulnerabilities

• Threat Scope and Compliance Discussion

Social Engineering

Social Engineering and Spear Phishing attacks are now the primary way breaches begin. Up to 98%. So how do you protect against them? Simply, your organization must be able to spot an attack, and know what to do about it. There’s no service or appliance that will protect you. Only knowledge will. 

Our Social Engineering Testing focuses entirely on customized Spear Phishing attacks. We work with you directly to create and execute a simulated attack. No automation, all custom, all done by hand. Because that’s how successful real-world attacks are done.

Penetration Testing

While plenty of services out there can run scans on your external presence, few will be able to give you an accurate view of what your vulnerabilities actually are. That’s because they rely on automation of a program and not the skills and knowledge of an experienced real, live human.

All of our Penetration Testing is customized, and done by an actual person, who knows how to try and break in to a network. Giving you a real-world test of what your network can stand up to. We don’t just scan and move on, we find the holes in your network, before the bad guys can.

Business Process Review

At the beginning of our Security Assessment, we will have a meeting with I.T. management to review the business processes of your organization.  The purpose of this is to determine how day-to-day operations are handled, and to identify any possible areas of vulnerability.  This Business Process Review will allow us to customize our assessment and will help us determine your exposure level. 

Why Perform a Security Assessment?

Sometimes it's hard to know where to even begin. There are too many things that all need to be taken care of, and they are all very important to the security of your network and organization. We all want to be better-equipped to defend our organization against an external or internal threat. You need a plan for that. 

Our Security Assessment service dives deep into your network, looking at all aspects of security to determine and highlight potential risks. Taking a holistic approach, we build each test to take into account all aspects of your network. From the hardware and software itself, to the business process and social engineering, we dive deep into every factor that contributes to keep your clients, your employees, and yourself protected.

Topics related to I.T. business processes include:

Policies and Procedures

• Tech Support and Help Desk Procedures

• End-User Agreements and Other Policies

• Implemented Security Training

• User Onboarding and Termination Procedures

Data Handling

• Determination of Sensitive Data

• Data Backup and Disaster Recovery

• Sensitive Document Security and Disposal

• Password Policies and Restrictions

Equipment Handling

• Equipment Acquisition and On-boarding

• Equipment Disposal

• Equipment Inventory

• Mobile Device Security

User Access

• Process for Accessing Network Remotely

• Multi-Factor Authentication Procedures

Access and Monitoring

• Wireless Network Review

• Breach Identification and Procedures

• User Activity Tracking

• Intrusion Prevention Procedures

Email Procedures and Security

• Email Hosting

• Email Archiving and Legal Hold Review

• Email SPAM Procedures

Applications

• Patch Update Procedures

• Antivirus Implementation and Monitoring

Vendors

• Vendor Access Determination

• Vendor Access Monitoring

Compliance and Regulation

• Regulation Requirements

• Compliance Requirements

• Assessment Requirement

During the Business Process Review, we will also require access to individuals at the Executive, Accounting and Human Resource level. 
We will review items related specifically to their departments, including:

Executive

• I.T. Department Turnover Procedures

• Technology Documentation

• Breach Notification

Accounting

• Accounting Authentication Processes

• Check/Payment Storage

• Money Transfer Procedures

Human Resource

• User Activity Tracking

• Employee Turnover Procedures

• Confidential Information Storage