Cyber Tiger has extensive experience in performing recurring Security Assessment services focusing specifically on vulnerability and penetration services in support of auditing and independent testing and continuous monitoring activities. We approach Cyber Security in four phases
Phase 1 – Penetration Testing
Phase 2 – Internal Security Audit
Phase 3 – Post Assessment Phase
Phase 4 – Recommendations & Training
A penetration test is the process of actively evaluating your information security measures. There are a number of ways that this can be undertaken, but the most common procedure is that the security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities; the results are then delivered comprehensively in a report, to Executive, Management and Technical audiences.
One of the advantages to an assessment conducted by Cyber Tiger is that a Cyber Tiger assessment can be classified as a self‐assessment. Many organizations that perform assessments for Federal agencies have a statutory requirement to report and disclose the results of the assessment to the agency’s governing body. Once the results of the assessment have been disclosed to the governing body of that agency, they are required by law to respond to the assessment and provide a timetable for addressing each finding in the assessment report as well as a plan of action for how each finding will be addressed.
While there is a requirement, and a need, for this type of test, by utilizing Cyber Tiger to perform an assessment the agency is afforded the opportunity to self‐identify issues and correct them prior to being subjected to a regulatory assessment. This correction process can be accomplished at the discretion of the agency and can be used to prepare for the statutory assessment so that there are significantly fewer findings reported by the organization that conducts the statutory assessment. There are several reasons why organizations choose to perform a penetration test ranging from technical to commercial, but the most common are:
- To identify the threats facing your organization’s information assets so that you can quantify your information risk and provide adequate information security expenditure.
- To reduce your organization’s IT security costs and provide a better return on IT security investment (ROSI)
by identifying and resolving vulnerabilities and weaknesses. These may be known vulnerabilities in the underlying technologies or weaknesses in the design or implementation.
- To provide your organization with assurance ‐ a thorough and comprehensive assessment of organizational security
covering policy, procedure, design and implementation. weeks (depending on the network size and requirements)
from conclusion of Vulnerability Analysis (Off‐site) Phase and includes:
- On‐site in‐brief of activities during this phase and Interview site personnel.
- Review detailed network information and compare findings from offsite evaluation.
- Review policies and procedures and conduct on‐site security evaluations of systems as required/requested.