We assist our clients in becoming as secure as possible against outside attack, and work to ensure that our clients are compliant with latest regulatory requirements.
Vendor Due Diligence
As most companies now have a great deal of data in the cloud, security risks at third-party vendors' are just as important as the organization’s. Regulators recognize this and continue to focus on this during examinations. The due diligence review process provides assurance that a vendor or potential vendor is stable and has both reputation and practices indicating that it is secure. It has been the case multiple times that when a vulnerability was discovered with a cloud provider’s website, our team worked with their technical team to provide detail on how to remediate the vulnerability.
Risk assessments evaluate company’s risk to reputation, assets, people, privacy, integrity of systems and data loss. We review general security and risk to IT as well as examine remediation and mitigation. Detailed systematic methodology and scoring system are applied. Our remediation suggestions can be used as a first step in budgeting, scheduling, and understanding changes that should be addressed to improve the security infrastructure and environment of our clients. We also make sure clients are compliant with the latest regulatory requirements.
Policies & Procedures
We create and review policies and procedures focused on information security. Policies and procedures, along with implementation, are incredibly important from a regulatory perspective. These are often the main elements that regulators review during examination. We use a hands-on client-focused approach to create new policies from scratch as well as review existing policies, making sure they encompass the organization’s standards and meet the latest regulatory requirements.
We approach penetration testing as a proof-of-concept to exploit vulnerabilities that have been discovered during in-depth reconnaissance. Our security engineers use industry standard tools and work-flows, tailoring each engagement to best suit our clients, in order to find and exploit vulnerabilities. We provide detailed reports with findings and recommendations on how to fix or defend against vulnerabilities discovered for both an executive and technical audience.
It is often the non-malicious, uninformed employee that can cause a threat to information security. Hackers take advantage of innocent employees using different hacking techniques to make them a victim. When employees attend regular training and understand threat vectors, they are better equipped to stay ahead of hackers. Cobaltix Compliance offers Cybersecurity Awareness Training onsite or via web conference.
We perform vulnerability assessments on external networks, internal networks, and company websites. This multi-step process is designed to be performed in an unobtrusive manner by an experienced security engineer. Our final report includes both a detailed technical breakdown for IT staff as well as a brief executive level summary with recommendations for remediation.