Cervais Cyber security solutions can help an organization develop, improve or communicate its security and privacy strategy. From risk assessments and compliance reviews to certifying new devices and developing security policies, we’ve got your back with a full suite of Cyber security services.
Risk and Vulnerability Assessments
Our Cyber Risk Program is designed to provide an objective review of your ability to prepare for, recognize and respond to today’s IT security threats.
Security Architecture and Design
Protecting your business from cyber threats is important: these threats can come at you from any direction, both physical and virtual, and you need to be prepared.
Security Policy and Compliance
Ensuring your people work together to adhere to corporate policies and guidelines
Build resilience into your organization around all of your important assets, including mobile devices, cloud and the Internet of Things
Protect your network, your data and other resources from cyber attacks
Adoption of an intelligent, secure, agile infrastructure helps organizations anticipate, stay ahead of and react to market changes to remain competitive.
RISK AND VULNERABILITY ASSESSMENTS
We help our customers identify risks and determine if their current and planned security mechanisms will mitigate those risks. We perform threat and vulnerability assessments: a systematic examination of security to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures. The objective is to identify and qualify the protective measures and controls that are prescribed to meet the security requirements of the customer. Services include:
- Risk Assessments – utilizing leading security risk assessment methodologies to identify business and technology risks; these can include quantitative risk analysis.
- Vulnerability Assessments – interviews and testing designed to locate and prioritize vulnerabilities in the client’s environment utilizing guidelines such as NIST, ISO 17799, and other frameworks.
- Security assessments for individual technologies – platforms, wireless, voice, network, email, applications, using Cervais’s Information Security Framework. These components can be executed individually or as part of a larger vulnerability assessment.
- External and internal penetration testing.
- Regulatory compliance reviews – NIST, Sarbanes-Oxley, PCI, JIPPA, GLBA, and industry guidelines
- Enterprise security reviews – designed to assess security across the enterprise, encompassing many aspects of vulnerability assessments but on a wider scale.
SECURITY ARCHITECTURE AND DESIGN
We work with the customer to craft a framework that will fulfill current and future operational needs, whether the operating environment is distributed, heterogeneous, or proprietary. We architect solutions for individual workstations, networks, mainframes, or total operating environments and ensure tight integration with the customer’s established plans and policies. Other areas include:
- Network Security
- Assessment and Authorization
- Technical security controls
- Physical and environmental controls
- Vulnerability Management
- Virus Protection
- Information classification and management
SECURITY POLICY AND COMPLIANCE
Your reputation is one of your most valuable assets. Every day, hackers, phishers and other malicious attackers are trying to compromise your data. Even if the initial financial cost of stolen customer data is small, it’s the negative press and the ensuing reputation loss that can create incalculable losses to customer relations. In an effort to protect customers, the government has instituted regulations including Sarbanes-Oxley, SEC Rule 17a-4, NASD – 3010, and the Gramm-Leach-Bliley Act that require compliance. Cervais understands the new and evolving issues for finance and insurance companies. That’s why we’ve packaged a complete solution known as the Cervais Security and Compliance Solution.
The Cervais Security and Compliance Solution helps maintain your organization’s security by uniting essential ingredients of perimeter protection and message archiving for business continuity and compliance purposes. Do away with piecemeal approaches that are expensive and complicated to maintain. With Cervais, there’s only one vendor to call for the design, implementation, configuration, testing and ongoing support. Other Services include:
- Security policies and practices
- Risk Management and governance
- Personnel security controls
- Security and privacy management
- Security awareness and training
Cervais’s Cyber Defense service is based on the CERT Resilience Management Model and follows the recently established NIST Cybersecurity Framework. It is a voluntary, non-technical (to an extent) assessment that evaluates the operational resilience and Cybersecurity capabilities of an organization. We do this by examining an organization’s Cybersecurity resilience practices across ten domains:
- Asset Management
- Controls Management
- Configuration and Change Management
- Vulnerability Management
- Incident Management
- Service Continuity Management
- Risk Management
- External Dependency Management
- Training and Awareness
- Situational Awareness
Penetration Testing (or pentesting for short) is a real-life test that uses known (and sometimes unknown) exploits, social engineering and other techniques and attacks to try to gain access to resources and data inside an organization that should be protected from unauthorized access. These tests are used to determine what systems are vulnerable to attack before an actual attack happens, so that an organization can close those gaps or mitigate the risk associated with known and unknown vulnerabilities.
Penetration Testing is an involved process that organizations need to discuss with professionals to understand the ramifications of such tests. The level at which the test should be done, the rules of engagement behind the test and the duration of the test are basic items that need to be understood and agreed to before any testing actually starts. Penetration tests are not just to see if someone can “hack” your organization. A professional penetration test is about identifying and mitigating the business risk associated with a cyber-attack.
Cervais provides both penetration testing services and penetration test consulting services, assisting our clients with understanding not only the value behind a test, but the intricate details behind the testing, including, but not limited to:
- White box/black box testing
- Understanding and explanation of Scope
- The implications of currently implemented deterrent technologies on pen tests
- Determination of the systems that should be tested
- Understanding the rules of engagement and explanation of why they are important
- Clear definition of the time allotted for testing and its importance to scope
In today’s connected world, cyber-attacks can happen just about anywhere. And especially with the explosion of the IoT, security needs to be everywhere, too. That’s why many top business leaders are making cybersecurity a critical part of their overall business strategies.
But without the right organization behind it, a strategy is just a strategy. For cyber investments to pay off, you need the know-how, skills, and tools to translate strategy into action.
Cervais’s Cyber Transformation team helps companies execute their cyber agendas and realize their cyber goals by building and improving internal processes and technology environments. By guiding organizations like yours through large and complex cyber initiatives, we help create successful cyber programs that dramatically improve security posture and enable—not encumber—the business.
With rigorous approaches and deep experience, we focus on solving four major transformation challenges facing cybersecurity leaders:
- Governance, Risk Management and Compliance – If you’re grappling to keep pace with emerging cyber threats, comply with tough global security requirements, and keep your stakeholders and the public happy, too, you may be in the market for security GRC software. We help organizations select, implement, and leverage the right GRC tool to improve oversight and resilience and ease the compliance burden.
- Program delivery – As cyber investments increase in both size and importance, so does the challenge of successfully executing cybersecurity portfolios. We assist organizations with especially large and complex cybersecurity programs to embed new processes and technologies into their environment in a sustainable manner. Our services include strategy, portfolio management, and service improvement.
- Technology integration – Overwhelmed by the myriad of cybersecurity solutions available to your business? With deep experience in technical implementation, operations, and support, we help companies wade through the complex landscape of cyber products and increase the value they get out of their cyber technology investments.