Management asked Elliott Davis to help answer: “Are my hosted systems and applications and systems in compliance to support information security at the agency?

Context

  • Customer responsible for overall approach to information security at agency and operational security aspects of its hosted systems and applications
  • Needed to assess security posture of applications and systems
  • Necessary to ensure regulatory requirements were met

Our Approach

Over 5 weeks, we completed:

  • Internal Penetration Testing
  • External Penetration Testing
  • NIST 800-53 Assessment
  • Device Configuration Review / OSSA (Operating System Security Assessment)
  • Network TAP Analysis and Inventory of Devices
  • Web Application Penetration Testing

Customer Results

  • Identified areas of risk that could lead to exposure
  • Provided real insights into system and process weaknesses with future areas for improvement
  • Demonstrated impact of vulnerability through exploitation
  • Leveraged PTES framework for seven-phase effective testing
  • Delivered roadmap for remediation

We Can Help

For more information on this and other topics, contact a member of our team.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.