bai security - brochure - breach risk assessment

Considering the likelihood of a compromise, wouldn’t you like to know how it would happen and how to protect yourself before a data breach? Breach Risk Assessment This service objectively informs businesses where to adjust their security technologies, train their staff, and enact security practices that better protect critical systems and sensitive data against real-world threats. IT Audit & Compliance Specialists Contact us for a free consultation. 2401 W. HASSELL ROAD, SUITE 1540, HOFFMAN ESTATES, IL 60169 | 847.410.8180 | WWW.BAISECURITY.NET Using multiple key attack vectors, BAI Security provides a comprehensive evaluation of your organization’s breach risk from modern-day threats in one vital assessment. Assessment Threat Vectors Internet-based (external penetration testing) Social Engineering (phone, email, & in-person) Physical Access (perimeter sweep, building access, secure interior room access) Black Box (planting rogue remote-access devices into the production network) Secure Document Disposal (secure / common waste disposal, dumpster inspection) Wireless (forged authentication, encryption testing, device spoofing) How would you prefer to find out about the weak link in your information security program?

Upload: prahlad-reddy

Post on 18-Aug-2015

17 views

Category:

Documents

3 download

Report

Download

Tags:

Embed Size (px):

TRANSCRIPT

Considering the likelihood of a compromise, wouldn’t you like to know how it would happen and how to protect yourself before a data breach?

Breach Risk Assessment

This service objectively informs businesses where to adjust their security technologies, train their staff, and enact security practices that better protect critical systems and sensitive data against real-world threats.

IT Audit & Compliance Specialists

Contact us for a free consultation. 2401 W. HASSELL ROAD, SUITE 1540, HOFFMAN ESTATES, IL 60169 | 847.410.8180 | WWW.BAISECURITY.NET

Using multiple key attack vectors, BAI Security provides a comprehensive evaluation of your organization’s breach risk from modern-day threats in one vital assessment.

Assessment Threat Vectors

Internet-based (external penetration testing)

Social Engineering (phone, email, & in-person)

Physical Access (perimeter sweep, building access, secure interior room access)

Black Box (planting rogue remote-access devices into the production network)

Secure Document Disposal (secure / common waste disposal, dumpster inspection)

Wireless (forged authentication, encryption testing, device spoofing)

How would you prefer to find out about the weak link in your information security program?

Page 2: BAI Security - Brochure - Breach Risk Assessment

Contact us for a free consultation. 2401 W. HASSELL ROAD, SUITE 1540, HOFFMAN ESTATES, IL. 60169 | 847.410.8180 | WWW.BAISECURITY.NET

A Breach Risk Assessment is designed to answer the question: “What is the real-world effectiveness of my existing security controls against an active, human, skilled attacker?” IT Security and compliance audits check for the existence of required controls, as well as the proper implementation and maintenance of security technologies, but even a 100% compliant organization can often be vulnerable in the real world against a skilled human threat agent.

Information / Control Targets

Customer/Member Account Information Customer Social Security Numbers Credit Card Data Elevated Privilege (admin) User Accounts User/System Passwords

The Process

1) Assessment of real-world threat vectors

2) Circumvent Security Systems & Controls

3) Compromise Perimeter/Internal Systems

4) Establish Persistent Internal Connections

5) Gain Network User Account Access

6) Gain Elevated Privilege (admin) Access

7) Identify Key Systems & Databases

8) Establish Backdoor Access to Key Systems

9) Capture Sensitive Data for Validation