Understanding and managing risk is the cornerstone of a successful organization
Securing your network and your intellectual property has become ever more challenging, and the cyber security threats aimed at your network have grown exponentially more sophisticated. Cerium Networks has an in-depth security team to help your organization evaluate its risks and determine how best to secure your network and its assets from today’s advanced security threats.
Information & Security Audit Services
Cerium provides a broad range of information security and audit services including:
Regulatory compliance assessments for:
- National Institute of Standards and Technology, NIST SP 800-53, NIST SP 800-66
- ISO/IEC 27001 and 27002 – the International Organization for Standardization and the International Electrotechnical Commission
- GLBA – the Gramm Leach Bliley Act
- HIPAA – the Health Insurance Portability and Accountability Act
- FISMA – the Federal Information Systems Management Act
- NERC CIP – North American Electric Reliability Corporation Critical Infrastructure Protection
- Incorporates a risk-based assessment methodology
- Identifies a baseline of existing controls and potential vulnerabilities and determines a roadmap of recommended actions to improve the organization’s security posture
- Executive management level workshops
- Risk assessment projects
- NIST Risk Management Framework
- External vulnerability testing
- Black-box penetration testing
- Application security testing
- Social engineering scenarios
- Policy and procedures review
- Roles and responsibilities & separation of duties
- Business continuity plan & business impact analysis
Cerium works with organizations ranging in size from small-to-medium to large enterprises to baseline the current security program controls and to identify areas in need of improvement.
Security accreditations include:
- CAP - Certification and Accreditation Professional
- CEH - Certified Ethical Hacker
- CISA - Certified Information Systems Auditor
- CISM - Certified Information Security Manager
- CISSP - Certified Information Systems Security Professional
- ISSMP - Information Systems Security Management Professional
- ITIL-F - IT Infrastructure Library Foundation
Cerium engineers help customers design, implement, optimize and support advanced security solutions from our industry partners. The deployment of effective tools gives customers the segmentation, visibility, and management capabilities they need to manage risk and protect their networks.
Security assessments take the mystery out of understanding your current state of security and what to do next to improve the roles, processes and technology that keep you safe. Assessments establish a baseline for existing controls and provide a strategic, risk-based roadmap for moving forward.
Independent testing of your organization’s network security posture improves the real-world level of security and measures compliance with regulatory requirements.
Whether remotely attacking your Internet-connected firewalls and web servers or conducting on-site attacks against the inside of your network, Cerium security consultants function as ethical hackers utilizing the same tools and methods that the bad guys use. The difference is that our testing is completed from an auditor’s perspective in order to comprehensively identify all existing vulnerabilities, so that you can mitigate them.
The deliverables for an assessment project include an executive summary, a risk matrix of the vulnerabilities identified, and complete recommendations on mitigation.
Cerium security consultants measure your healthcare organization’s current state of security against the HIPAA standard as defined by the National Institute of Standards and Technology. A gap analysis clearly identifies areas of strength and weakness. Detailed recommendations enable you to take proactive steps to achieve full compliance.
External Vulnerability Analysis (Pen testing)
An external vulnerability analysis is the controlled attempt at testing a computer system or network from “outside” in order to detect vulnerabilities. It employs the same or similar techniques to those used in a genuine attack. Appropriate measures can then be taken to eliminate the vulnerabilities before they can be exploited by unauthorized third parties.
- Discovery: enumeration, fingerprinting and banner grabbing
- Scanning: performing port scans and resource identification methods utilizing a variety of open source, customized and commercial tools
- Vulnerability tracking: identifying vulnerabilities in scanned systems and resources
- Manual analysis: to reduce false positives and ensure results match Pend Oreille County’s environment, a security consultant will review and analyze all findings
- Documentation and presentation of results
Certified and experienced data security engineers help customers design, implement, optimize and support advanced security solutions from Cisco Systems, RSA, WatchGuard, and F5. The deployment and management of effective tools gives customers the segmentation, visibility, and management capabilities they need to protect their networks.
- Next-gen firewalls
- Intrusion prevention
- Network admission control
- Secure mobility
- Email and web security
- Data loss prevention
- 2-Factor Authentication