CYBERSECURITY PROFESSIONAL SERVICES
RISK ASSESSMENT
Risk assessments are the foundation of every healthy cybersecurity program. They uncover the unique risk events facing an organization and tie them to a custom-built risk-reduction roadmap. Risk assessments provide shareholders and decision-makers with valuable information that can help them minimize the impact of:
- Adversarial risks – like Ransomware or Social Engineering attacks
- Accidental risks – like a losing a company laptop
- Technical risks – like a hard drive failing or database corruption
- Environmental risks – like flooding, fire, and natural disasters
Mavericks conducts Risk Assessments based on the globally-recognized NIST SP800-30 Guide for Conducting Risk Assessments.
VULNERABILITY ASSESSMENT
A vulnerability assessment is a comprehensive evaluation of cybersecurity weaknesses that exist in an information technology environment. The assessment will identify Common Vulnerabilities and Exposures (CVE) that could be easily exploited by a malicious attacker. In addition, the assessment will assigns levels of criticality of severity to each vulnerability and will provide actionable remediation recommendations.
PENETRATION TESTING
A penetration test is a simulated cyber-attack against an organization's information technology infrastructure, systems and applications. An Ethical Hacker will test the effectiveness of existing cybersecurity controls and attempt to exploit vulnerabilities.
Penetration testing is required by many regulations such as PCI, NERC and others and is a critical component of building an effective cybersecurity program.
CYBERSECURITY MATURITY & COMPLLIANCE ASSESSMENTS
Organizations that face the burden of operating in regulated industry often need to understand how their internal control framework satisfies compliance requirements. Mavericks provides Compliance Maturity Assessments for:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- Cybersecurity Maturity Model Certification (CMMC)
- Defense Federal Acquisition Regulation Supplement (DFARS)
- NIST Cybersecurity Framework
INFORMATION SECURITY POLICY DEVELOPMENT
Information security policies provide organizations with clarity and standardization. They govern how security controls are installed and configured and also tell employees what behaviors are expected and acceptable while interfacing with information systems. Policies are not static. Over time, corporate objectives may change, company cultures may change, and technology absolutely changes. As such, policy review should be a regular component of all cybersecurity programs.
INCIDENT RESPONSE PLANNING
An Incident Response Plan is a documented set of instructions and procedures designed to help IT personnel and others detect, respond to and recover for cybersecurity incidents. The plan contains critical information about roles and responsibilities of the Computer Emergency Response Team (CERT), and the procedures for identifying, containing, neutralizing and reporting cybersecurity incidents.
© 2022 Mavericks Office Solutions Inc.. | All rights reserved.