Incubator tests and evaluates the security of your IT infrastructure.

Through a variety of methods, we attempt to discover potential weaknesses in multiple areas of your organization, if any.

Our goal is to reduce your risk by finding and fixing potential vulnerabilities.

For example, we can help you lock up your data to comply with:

•  International Organization for Standardization (ISO/IEC) 27000 family for Information Security Management Systems

•  U.S. Commerce Department’s National Institute of Standards and Technology (NIST) cybersecurity frameworks

•  European Union’s General Data Protection Regulation (GDPR)

•  Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

•  GLBA, HIPAA, SOX, and various USA state laws and regulations

Background

Cybersecurity threats can come from many internal and external sources.

Preventing breaches to employee, customer and other sensitive data, as well as damage to system software and other infrastructure is not only an investment in your systems, but your reputation as well.

In addition, many industries — such as medical, legal, accounting, banking, and other financial services — are subject to regulatory and other requirements that mandate cybsecurity protocols.

Our goal in assessing the strength of and any risk to your system is to shore-up all open gateways where intruders may try to enter, before they do.  Moreover, we also assist in meeting and maintaining regulatory requirements.

Methodology

Our minimally intrusive process involves working with our clients to gain access to their systems without disrupting their normal flow of business.

Normally done in off-hours, we run a series of tests from our offsite location and within your networks. These remote tests are compiled, analyzed and validated.

The end product is an easily understandable report that provides detailed information about your potential security risks and recommendations on how to close the gaps.

More specifically, we use a well-established and standard approach consisting of the following seven (7) main elements:

·  Pre-engagement Interactions

·  Intelligence Gathering

·  Threat Modeling

·  Vulnerability Analysis

·  Exploitation

·  Post Exploitation

·  Reporting

The initial phase involves testers who work behind the scenes in order to get a better understanding of the tested organization. The process moves forward to include technical security expertise, combined with business understanding of the engagement, and finally to the reporting.

This all culminates in the capturing of the entire process in a manner that makes sense to the customer and provides the most value.

Interested?