Information systems are delivered with an increased awareness of information security. However, many companies do not maximize the value of available information security tools and techniques, or do not support the implemented technology with adequate business processes to sustain appropriate security levels. Our review will focus on identifying realistic information security risks and providing both technical and pragmatic recommendations to mitigate those risks.
The Cadence Value Proposition
With The Cadence Group, you will work with knowledgeable information security professionals. We are experienced in performing system, application, and network security assessments, and all of our information security resources hold CISSP (Certified Information Systems Security Professional) certifications, as well as other industry and technical certifications.
Cadence works with organizations seeking to change their culture and support mechanisms around information security. As change requires acceptance of responsibility for continued, proactive delivery of information security and the ongoing protection of confidential information, Cadence will not only identify information security vulnerabilities, but also focus on cost-effective countermeasures. We work with companies to develop effective action plans and implement appropriate levels of project management to help ensure successful delivery.
In addition, our flexibility allows you to depend on us at any time during the project for any needed assistance and to obtain the benefits you require. To provide flexibility, we can perform the related tasks necessary to complete each phase of the project (outsourcing), we can coach you and your staff on information security (advisory), or perform a combination of each. We will work with you to understand your business and information assets you want to protect, timing restrictions, budgetary constraints and desired results to develop a solution that is right for you.
Methodology
External Penetration Testing projects are typically divided into the following three phases:
1. Project Scoping and Planning - The Cadence Group will meet with management to determine the information systems that have potential security weaknesses. Based on this information, The Cadence Group will provide an initial indication of which information systems should be secured, along with a detailed assessment plan. This plan will define the information systems to be reviewed, the tests that will be performed, and the timeframe for accomplishing the plan's objectives.
2. Field Work - Once the plan is determined, we will work with you to develop a plan for executing the assessment plan. The aspects of an information security assessment plan include:
a. Technical Review: A review of all technical security settings of the information systems. The specific tests will be determined by the implemented technology.
b. Access Controls: A review of user accounts on the systems, including the corresponding access reviews. This approach will allow an assessment of the effectiveness of user provisioning controls and determine if employees have only the access that is commensurate with their job responsibilities. This review should also evaluate the security administrator accounts, system accounts and generic accounts.
c. Management Controls: Based on the potential risks identified from technical and access control reviews, a root cause analysis will be performed to determine why identified deficiencies occurred. This analysis will result in business process control recommendations to improve internal controls to help maintain effective information security.
3. Reporting - At the conclusion of field work, the results of the assessment plan will be reported. This report will include any deficiencies. An action plan will be developed for each deficiency with a defined business process owner and a defined timetable for completion.