A State Agency and Cybersecurity

Management asked Elliott Davis to help answer: “Are my hosted systems and applications systems in compliance to support information security at the agency?”

Context

• Customer responsible for overall approach to information security at agency and operational security aspects of its hosted systems and applications
• Needed to assess security posture of applications and systems
• Necessary to ensure regulatory requirements were met

Our Approach

Over 5 weeks, we completed:

• Internal Penetration Testing
• External Penetration Testing
• NIST 800-53 Assessment
• Device Configuration Review / OSSA (Operating System Security Assessment)
• Network TAP Analysis and Inventory of Devices
• Web Application Penetration Testing

Customer Results

• Identified areas of risk that could lead to exposure
• Provided real insights into system and process weaknesses with future areas for improvement
• Demonstrated impact of vulnerability through exploitation
• Leveraged PTES framework for seven-phase effective testing
• Delivered roadmap for remediation

We Can Help

For more information on this and other topics, contact a member of our team.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.