Cybersecurity Services: Flex-Protection Information Security And Tools

Security Self-Assessment

Please select the response that best represents your company or organization for each risk factor.

Do you have a written Information Security Policy that is endorsed and supported by top management?
How often are employees and management given Security Awareness Training (SAT)?
Do you have a documented Data Inventory - a list of key data stores, where they are located, and how they are protected?
Is there a convenient list of Security Best Practices that all computer users are familiar with?
Is critical data backed up automatically every day, onto separate computers used for this purpose?
Does your company have remote or traveling employees who need network access?
Have you had a network vulnerability scan or professional security assessment from a third party consultant or advisor?
Does your company or organization have a public-facing web site?
Are you covered by a Data Defender subscription to insure best practices and basic documentation?

We need to have a brief “discovery” conversation to identify options.
We could use help developing or reviewing a formal data security policy.
We could use a detailed plan for threat assessments and active security testing.
We are looking for scanning and testing to identify possible exposures.
We need to get our arms around the most critical risks and how to reduce them.
We want to reduce risks by providing Best Practices education for our end users.
We want to know what modern tools and systems are available for protecting our data.

Low-cost review and guidance:

Review and suggest improvements to your Data Security Policy.
Review/develop your Security Testing Plan.
Perform vulnerability scans of your network and/or web applications.
Provide tips for "hardening" your devices, applications, and data storage.
Provide an online "Security Awareness" course highlighting end-user best practices.
Identify additional steps to improve overall security without disrupting operations.

System and data attack tactics should be similar to those used by actual hackers who have malicious intent.
All passive and active research steps, and all attempted attacks sould be performed only with permission from the client.
All penetration testing work will be done to the highest ethical standards, with no external agenda or purpose.
The privacy of all users, managers, and staff will be respected and no collected data or passwords will be published or distributed elsewhere.
Every effort is made to minimize or eliminate impact on current operations during the security testing.
Permission to access users, computers, data, and networks must be granted before any assessment work is begun.