CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // IT SECURITY // SECURITY AUDITS // VULNERABILITY ASSESSMENTS

3 Program Levels - Regular Check Points - Individualized Coaching - Customized Risk-Based Assessments -

Actionable Recommendations - Prioritized Approach

​​

 

 

 

The Comprehensive Approach

 

The TripleSEC leadership, through years of global experience, industry insight and executive feedback, understands that the true strength of a consulting partner is a close and continual relationship that involves knowledgeable advisement, mentoring checkpoints, and honest guidance over a long term period. With this understanding, TripleSEC devised their Cyber Security Assessment Program with 3 levels and continual check in points that will drive security within the corporation and infuse a culture of security.

​

TripleSEC Level 1: Program Assessment

 

The starting point of any relationship is understanding. Only from this viewpoint can we truly discern where we are starting from and where we need to go. This level starts with interviews and workshops to gain a depth of knowledge and understanding or our clients as individuals, their corporate culture and risk appetite, and the network and data environment itself. Baseline assessments are then conducted to include penetration testing, vulnerability assessments, and critical reviews and analysis of key security elements. The following steps are taken in a Level 1 Cyber Security Assessment:

​

• Workshops / interviews to gain initial understanding

• NIST sub-category mapping and assessment

• Baseline Penetration Testing (External & Internal)

• Vulnerability Assessment of external and internal networks (including websites)

• Firewall Reviews

• Password Analysis

• Architecture Review

 

The Level 1 Cyber Security Assessment is followed up with:

​

• Comprehensive, easy to understand reports

• Security Dashboards, and

• Onsite executive presentation

 

TripleSEC Level 2: Remediation Analysis & Deeper Dive

​

After the Level 1 Program Assessment is carried out and an understanding is established, TripleSEC dives deeper into the analysis. Full remediation analysis is carried out and tracked to demonstrate and encourage progress. Monthly check-ins are scheduled and dashboards are updated.

​

The following steps are taken in a Level 2 Cyber Security Assessment:

​

• Workshops / interviews to gain deeper understanding, track progress and development and provide coaching

• Reassessment of any previously discovered vulnerabilities

• Full NIST mapping and assessment

• Risk Assessment

• Security Policy Review, Gap Analysis & Security Policy Creation Assistance

• Deep Dive Penetration Testing (External & Internal)

• Social Engineering Phishing Campaigns

• Web Application Assessments (Pen Testing and / or Code Review)

• Mobile Application Assessments

• Comprehensive Vulnerability Assessments

• Device Reviews

• Incident Response Plan Review and / or creation

• Tools Review (SIEM, IDS / IPS, etc)

• Physical Review

• Security Awareness Training

​

The Level 2 Cyber Security Assessment is followed up with:

​

• Comprehensive, easy to understand reports

• Security Dashboards, and

• Onsite executive presentation

​

TripleSEC Level 3: Comprehensive Re-Assessment & Intense Analysis

​

The Level 2 Cyber Security Assessment will have provided TripleSEC a deep level of understanding and provided you with the clarity and confidence of a clear vision, and a road map to get there. Full remediation analysis is once again carried out and tracked to demonstrate and encourage continued progress. Monthly check-ins are scheduled and dashboards are updated. At this point, there is continued coaching and mentoring to ensure the road map is on track and security on the radar.

​

The following steps are taken in a Level 3 Cyber Security Assessment:

​​

• Comprehensive Reassessment

• Social Engineering Phishing Campaigns

• Incident Management Exercise with Red Teaming & Scenario Based Pen Testing

​

The Level 3 Cyber Security Assessment is followed up with:

​

• Comprehensive, easy to understand reports

• Security Dashboards, and

• Onsite executive presentation