All of The McMillen Group’s services can be used to support your regulatory compliance with:
- The Sarbanes-Oxley Act, Section 404
- Payment Card Industry Data Security Standard (PCI DSS)
- The Gramm-Leach Bliley Act (GLBA)
- The Health Insurance Portability and Accountability Act (HIPAA)
Vulnerability Assessments
An organization's IT infrastructure is constantly changing. New applications and services are rolled out, upgrades are performed, and new vulnerabilities are discovered every day. To manage this risk you need to be able to identify and prioritize the vulnerabilities that exist in your infrastructure, and vulnerability assessments are a critical tool for doing so. The vulnerability assessment is an exhaustive methodology that tests one or more systems and/or networks for known and potential security vulnerabilities. Following the vulnerability assessment, The McMillen Group delivers a detailed written report to its clients stating which systems were tested and providing a written description of each vulnerability identified, including its background, its consequences, and prioritized recommendations for remediating it.
External Vulnerability Assessment – Vulnerabilities that may exist between an organization’s external network and the Internet. This service simulates various electronic attack methods that could be launched against an Internet access point.
Internal Vulnerability Assessment – The Internal Network Vulnerability Assessment can be performed in conjunction with the External Test and includes an in-depth analysis of the organization’s internal network. It is estimated that approximately 80% of security breaches occur from inside the internal network. This vulnerability assessment will analyze the risks to internal devices and suggest specific hardening techniques to resolve any concerns that are identified.
Penetration Testing
These tests use an evolving process that includes cutting-edge tools, mimicking the activity of a determined hacker. Instead of a “canned” approach to testing, we tailor our procedures according to your specific needs and concerns, helping to increase the cost-effectiveness of this service. The depth of the penetration testing may be established at your discretion – from basic attempts of unauthorized access and web-site defacement to full-scale denial-of-service.
Each penetration test includes a detailed report of every identified vulnerability, classified by the likelihood that it could be exploited and by the impact it might have on the Company’s network. The data from these periodic vulnerability assessments and/or penetration tests can be compiled throughout the year and presented in a consolidated format in an annual report.
Social Engineering Testing
The human element of your company’s security may be tested along with your fixed information systems. These tests are tailored to your objectives and highly customized to fit your situation.
Risk Assessment and Information Security Program Development
We consult with management to assist in analyzing the systems and risks within the organization and determining critical applications and safeguards. We can facilitate development of the organization’s Risk Management Program, as may be necessary to comply with regulatory guidelines. By facilitating this analysis, we maintain the independence to perform future assessments but still supply the analysis, discipline, outside perspective, and practical suggestions for documenting the results.
Policy Review
Security policy documents should be living documents. They should change and evolve as your organization grows and as technology changes. Your policies must undergo regular review to ensure that the necessary policies exist and that existing policies do not hinder business processes. With our exposure to a wide variety of situations across many organizations, The McMillen Group can assist in the development or refinement of your organization’s Information Security policies, making the most of your limited time and staff.