
Our technical controls review comprises a bundle of individual services. By combining multiple service offerings into a single controls review, clients can save on the costs of multiple assessments in the future. If you are unsure what services you need, our experienced sales staff can help.

Internal Vulnerability Assessment - (IVA)

Our technical vulnerability assessment provides your organization with a clear understanding of technical risks present on your internal network. Many organizations face a number of threats from internal sources including disgruntled, careless, or bored employees. Additionally, threats that originate from external sources that exploit weaknesses in internal network controls such as weak, poor, or misconfigured systems and applications can present risk to your organization.

External Vulnerability Assessment - (EVA)

Our External Vulnerability Assessment provides your organization with an understanding of the risks present on your systems with an Internet presence. External threats are those posed by external sources such as hackers, viruses, and trojans to your systems that are accessible via the Internet. Typical systems include firewalls, routers, VPN concentrators, websites, email, and domain name servers. Testing will enumerate vulnerabilities and identify possible threats that the vulnerabilities pose.

Active Directory Security Review - (ADSR)

In most organizations, Windows Active Directory is a foundational security control. Surprisingly, many companies never bother to check whether their AD environments are properly hardened. Frequently, security features that can be enabled by security groups, file share permissions, group policy, and local policy are missing or inadequate. Our review focuses on how the organization uses AD security and how it compares to recommended best practices.

Password Strength Review - (PSR)

Are your password policies sufficient? Is it possible for a malicious hacker or insider to compromise passwords for sensitive systems or other users? We can perform testing to determine if your Windows Active Directory passwords are appropriate and adequately hardened against common attacks.

Wireless Network Assessment - (WNA)

Wireless networks by their very nature are accessible without physical access. Has your organization properly hardened its wireless environment? Have you checked for unauthorized Wi-Fi access points in your environment? Our wireless network assessment focuses on the appropriate security hardening mechanisms that should be employed and tests whether they are properly configured.


Our Information Security Managerial Controls Review (MCR) assesses the organization’s security program. E3 evaluates an organization’s adherence to a desired standard. IT managerial and operational controls should set the tone for the organization regarding information security.

For 20 years, E3 has been providing organizations with gap assessments for their IT controls based on FFIEC, NCUA, and state examination standards.

Some of the more common gap assessments we provide are:

NCUA/FFIEC

Unified FFIEC

ISO 27002

NIST 800-53

NIST Cybersecurity

NIST 800-171


The E3 Penetration Testing service takes vulnerability testing a step further by exploiting any found vulnerabilities and attempting to gain access to systems. Using commonly accepted practices for penetration testing, we attempt to identify and exploit target systems and exfiltrate data.

Internal Penetration Testing - IPT

External Penetration Testing - EPT

Web Application Penetration Testing - WAP


Spear Phishing Social Engineering Testing

In order to test the effectiveness of security awareness training, E3 will tailor a custom email phishing campaign.

Voice Social Engineering Testing

In order to test the effectiveness of security awareness training, E3 will develop a custom call scenario.

Onsite Social Engineering Testing

The E3 Onsite Social Engineering Testing evaluates whether adequate physical security exists and whether employees are properly trained to prevent unauthorized access to sensitive information. These simulations help heighten staff awareness of potential real-world threats that may target them. Sensitive information may include, but is not limited to, items like backup tapes, removable media, statements, reports, or paper with sensitive customer information, or physical access to the institution’s Local Area Network.

Social engineering simulations are clearly designed to evaluate the institution as a whole and not to single out inadequate employee performance.


Physical Security Review

We can help assess the physical security risks your organization faces, whether you need a ground-up physical security assessment or simply an assessment of your employees’ adherence to clean desk requirements. Depending on the scope desired, we can review the organization’s physical security controls in the following areas:

  • Policies and procedures around physical access

  • Physical management/electronic key management

  • Key log reviews

  • Dual control

  • Fire suppression

  • Auxiliary and backup power

  • Camera placement and coverage

  • IDF and data center security controls

  • Clean desk walkthrough



Risk Assessment

The Risk Management process requires that management identify, assess, measure, mitigate, and monitor those risks that may be present due to the type of services offered and the systems employed to deliver those services. Generally, scoped-out risk assessments are asset-focused and qualitative in nature. In a qualitative approach, we will assign a rating to each risk and countermeasure that is derived from a consensus opinion of E3 and the organization being tested. We will develop scenarios to lay out the possible threats, their potential likelihood, and impact. We then factor in compensating and mitigating controls to determine the residual risk the organization may have with regard to its critical assets.