IT Security Services

About Us

IT Security Services for the following:

  1. Security Review: A security review offers a holistic view of a company’s IT environment.  The goal of a security review is not to provide an exact measurement of risk or to assess how close an environment is to a pre-defined standard.  Rather, a security review offers an overall view of an environment and provides an actionable list of solutions to minimize threats specific to that environment. 
  2. Internal/External Vulnerability Assessment: This is the best way to determine the specific threats facing a network.  Outdated or unpatched servers and programs, insecure or deprecated server settings, utilization of insecure or unencrypted services, weak or default credentials left on a system, and excessive guest or anonymous access are all evaluated to determine the security of a network. 
  3. Penetration Tests: Penetration Tests help to identify technical threats to the Confidentiality, Integrity, and Availability of the target systems.  Testing is a manual process that examines the logic and functional processes of a network, application, or physical location.
  4. IT Security Risk Assessments: A risk assessment determines the type of controls necessary to protect assets and resources from threats.  The risk assessment process evaluates the likelihood of and potential damage that could be caused to a network by identified threats.  Measures of individual risk levels for each asset are taken to gauge the effectiveness of existing controls in place to defeat identified threats. 
  5. Social Engineering:  Social Engineering assessments may be undertaken to determine an organization’s susceptibility to psychological manipulation of staff into performing actions or divulging confidential information, which could lead to an infiltration of the organization’s physical location(s) or network(s).  This test may include phishing attacks, pretexting, media dropping, and physical security.
  6. Employee Security Training: Educating employees about the risks they pose to network security.  This may include training on ransomware, phishing attacks, malware, social engineering, and other possible network attacks. 
  7. Ongoing Security Monitoring: This allows clients to retain an IT security professional to regularly monitor their network security.  Doing so will help the client maintain the highest level of network security possible without hiring internal IT security staff. 
  8. Regulation Compliance Testing: Federal regulations require companies and organizations operating in certain high-risk areas to maintain specific safeguards of data.  These tests evaluate the efficacy of the systems in place to meet these requirements.  The following are regulations for specific industries:
    1. PCI – Payment Card Industry
    2. HIPAA – Medical Industry
    3. GLBA – Financial Service Institutions
    4. NCUA – Credit Unions
    5. NIST – Federal Agencies

Contact Information

Mark Fetzer, JD, MBA
208.733.6581 (Office)