Management asked Elliott Davis to help answer: “Are my hosted systems and applications systems in compliance to support information security at the agency?”
Context
- Customer responsible for overall approach to information security at agency and operational security aspects of its hosted systems and applications
- Needed to assess security posture of applications and systems
- Necessary to ensure regulatory requirements were met
Our Approach
Over 5 weeks, we completed:
- Internal Penetration Testing
- External Penetration Testing
- NIST 800-53 Assessment
- Device Configuration Review / OSSA (Operating System Security Assessment)
- Network TAP Analysis and Inventory of Devices
- Web Application Penetration Testing
Customer Results
- Identified areas of risk that could lead to exposure
- Provided real insights into system and process weaknesses with future areas for improvement
- Demonstrated impact of vulnerability through exploitation
- Leveraged PTES framework for seven-phase effective testing
- Delivered roadmap for remediation
We Can Help
For more information on this and other topics, contact a member of our team.
The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.
