CGNET has been providing security services for decades. We offer services for potential vulnerabilities in your defense as well as finding malware implanted in your system (Advanced Persistent Threats). Our services focus on five areas:
Vulnerability Assessment
You’ve taken appropriate steps to make sure your network is protected from viruses, malware, and “bad actors” that want to compromise it. So you feel safe, right? But are you really sure?
Organizations regularly test their networks to confirm that there are no weak spots—vulnerabilities—that could be used to enter the network, take over computers and steal information. In fact, it’s considered a “best practice” to conduct such vulnerability testing twice a year. CGNET can do this for you.
What’s involved?
- A scan of all external IP addresses and web applications for vulnerabilities.
- An exploitation of the weaknesses uncovered to confirm which threats require immediate remediation.
What do I get?
Once the scan is completed, CGNET will produce a report for you that includes:
- Details of devices scanned and vulnerabilities found.
- A list of vulnerabilities, sorted by priority, along with an explanation of the potential security risk of each vulnerability.
- A management summary of the scan results with recommended remedial actions.
What are the benefits?
- Knowledge: You can’t fix what you don’t know is broken!
- The ability to demonstrate that your network is secure during audits or compliance reviews.
What does it Cost?
The cost is dependent on the size of your organization and number of IP addresses being tested. Please contact us for a quote.
Identity and Access Management
What is the #1 route that hackers follow to break into your network? Stolen user identities. Managing user identities and controlling what users can access is a key part of any cybersecurity program.
It’s easy for an organization’s Active Directory to become “polluted.” Accounts that were supposed to be temporary are never taken down. Users leave the organization, but their accounts aren’t deleted. Admins are given “global admin” roles because why not? After a time, these problematic accounts become just the wedge hackers are looking for to break into your network.
What’s involved?
• We scan your Active Directory, looking for user accounts that are no longer valid or have passwords that don’t expire.
• We look to see how many user accounts have administrative privileges.
What do I get?
Once the scan is completed, CGNET will produce a report for you that includes:
• Details of accounts scanned.
• A list of potentially problematic accounts for follow-up and remediation.
• A management summary of the scan results with recommended remedial actions.
What are the benefits?
• Reduction in the risk that user accounts could be used to break into your network.
• Better IT administration by reducing the number of administrators who could be targeted for spear phishing attacks.
What does it cost?
The cost for both a scan and report is $2500. Contact us if you are interested or need more information.
Information Security Training
According to a 2016 Ponemon Institute survey, “the number one security risk is employee carelessness.” 66 percent of respondents said that “employees are the weakest link in their efforts to create a strong security posture.” The best way to mitigate this risk is through effective, comprehensive training of users about information security.
What’s involved?
CGNET first works with your organization to customize end-user security training to your needs. We then provide a program of training that includes live classes, online training materials, phishing tests, and periodic user security updates.
What do I get?
The subjects covered in on-site training can include:
- Caution installing programs, opening attachments, clicking links, etc.
- Special caution with company data or financial assets
- Creating strong passwords, keeping them private and changing them
- Password managers
- Caution working remotely
- Protecting your credentials, e.g. multi-factor authentication
- Reporting security issues
In addition, we can run phishing tests on specific users and provide follow-up materials and quizzes to keep your users’ knowledge fresh.
What are the benefits?
- User awareness reduces the risk of information breaches.
- Organizations with effective security training have more confidence in their organization’s security efforts.
- Many regulations require end-user information security training in order to achieve compliance.
What does it cost?
The cost for an effective information security training program depends on the size of your organization and the training modules selected. Please contact us for more information.
Information Risk Assessment
Despite your best efforts, there’s a real chance that some of the organization’s information is going to be compromised. There are plenty of news stories about leaked emails, lost laptops and stolen smart phones, all of which caused previously private information to be made public.
Is your organization prepared to deal with this possibility? Information Risk Assessment helps an organization understand the potential impacts of compromised information security, whether it affects confidentiality, data integrity, or availability. It also prioritizes actions to address weaknesses in an organization’s information security. Preparation now can mean peace of mind later!
What’s involved?
• Information Asset Inventory: CGNET first works with your organization to document what information, devices and applications exist that could be considered sensitive, where they exist, and how they are currently secured.
• Risk Classification: Once this inventory of sensitive information assets has been developed, CGNET works with you to understand the severity of each class of security breach. For instance, disclosure of some kinds of information could have a financial impact, while others could have a reputational impact.
• Information Security Risk Matrix: CGNET then calculates the likelihood of each kind of breach occurring and combines this with the severity ratings to develop an information security risk matrix. By plotting each information asset on the matrix, controls to mitigate each risk can be prioritized.
• Security Comparison: CGNET then compares the security practices that are in place with industry standard controls, determining what improvements have to be made, in terms of the priorities of the risk matrix. The improvements are put onto a temporal roadmap, to provide a comprehensive plan.
What do I get?
CGNET produces a detailed report that includes the results of the completed assessment described above as well as a written:
• Strategy to close the gap between current and best performance, including technology, policies and procedures, and a
• Plan for the future: How should new and improved security controls be implemented over time?
What are the benefits?
Your organization gets a comprehensive view of its complete information security posture, rather than being influenced by events or the clamor of different security vendors. It prioritizes remediation measures and justifies their cost.
It is also a demonstration of how your organization has adopted best practices for information security which can improve donor confidence and demonstrate regulatory compliance.
Finally, the planning process helps sustain a dialogue with executive management about how information is shared and stored, so that information security concerns can be raised, addressed and given the priority they deserve.
What does it cost?
The cost for developing an Information Risk Assessment depends on the scope of the effort and the resulting time required. Please contact CGNET for a detailed proposal and quote.
Information Security Policy Development
If you want to encourage positive information security habits by end users and IT staff, and if you want to get top management involved, it’s critical to document expectations in the form of information security policies. Creating them codifies these expectations for everyone – from system administrators to help desk staff to end users.
What’s involved?
CGNET willfirst reviews what policies and procedures are already in place at your organization. Often these will be incomplete or not well observed, but they represent a starting point for new policy development. Next, CGNET will interview IT management and other relevant staff to understand the particular needs of the organization.
Once CGNET has collected this information, we will go forward with policy development, taking industry best practices into account. CGNET will review the draft plan with you and revise the plan as required.
What do I get?
CGNET will deliver an information security policy, as a single document or divided into multiple subject documents. We will also deliver an explanation of the policies intended for review with executive management as part of obtaining their support for plan adoption. CGNET can also provide training of your staff on the policy’s procedures.
What are the benefits?
Good information security is everyone’s responsibility, not just that of the IT Department. A general information security policy validates information security for the organization and sets expectations for all staff: “Here is what we need to do and why.” Information security policies also represent a focal point for documentation of your organization’s practices around information security, which are crucial in audit and compliance situations.
What does it cost?
The cost for development of an Information Security plan is dependent on the scope of the effort and the resulting time required. Please contact us for a quote or more detailed information.
