Information Assurance / Cybersecurity
The evolving sophistication of criminal cyber activity compels us to be vigilant in protecting our organization’s assets: people, information, and supporting technology. The cornerstone of Dnutch’s cybersecurity services is risk management, which includes risk assessment, vulnerability assessment, penetration testing, threat modeling, and integration and program execution. Our cyber infrastructure is a primary conduit of our economy and an integral part of service and goods delivery. Protection must be comprehensive – accounting for people, movement of information and data, as well as all supporting technology components.
Risk Assessment – The goal of risk management is to assess the potential risk to an organization’s assets and to minimize or prevent their accidental loss or harm. Dnutch risk assessments have been successfully implemented by organizations across various industries to identify gaps and weaknesses in policies and procedures designed to protect an organization’s assets. Because the needs of organizations vary, the Dnutch risk assessment approach has flexibility to accommodate the specific operating environment and compliance needs of your business or organization.
Vulnerability Assessment – The goal of vulnerability assessment is to help determine the security posture of an organization by identifying specific areas of weakness that need to be addressed. In addition to examining technical and administrative processes, vulnerability assessment tools are used on systems to gather detailed information to help determine the overall risk of detected vulnerabilities. Vulnerability assessments can be focused on a variety of government and industry regulations: PCI DSS, NERC, FISMA, SOX, GLBA, HIPAA, COPPA and RMF.
Penetration Testing – The goal of penetration testing, which is a step in the vulnerability assessment process, is to simulate an attack to evaluate the risk profile of a target system. Target systems can include networks, network devices, operating systems, desktop applications, databases, web applications, printers, and almost any device with an IPv4 address, an IPv6 address, and/or a URL. Comprehensive reports present findings, detailed vulnerability descriptions, and recommended remediation.
Threat Modeling – The goal of threat modeling is to help an organization develop informed risk management decisions by proactively identifying potential security issues and implementing countermeasures to prevent or mitigate the effects of threats to an organization’s assets. Modeling threats involves identifying assets to protect, identifying threat agents and possible attacks, identifying exploitable vulnerabilities, prioritizing identified risks, and examining existing countermeasures to reduce threats to an organization’s assets.
Integration & Program Execution – The sustainability of cybersecurity initiatives depends upon successful integration with an organization’s existing processes. Dnutch can help identify points of synergy between cyber initiatives and an organization’s IT and security programs that leverage commonalities and economies of scale.
Dnutch’s team can manage cybersecurity initiatives for your organization or provide support to in-house security teams; we also help make cybersecurity part of continuous improvement efforts and leverage best practices and industry standards such as COBIT (Control Objectives for Information and related Technology) and ITIL (Information Technology Infrastructure Library).
Dnutch Cybersecurity Expertise
- Business Continuity & Disaster Recovery
- Critical Infrastructure Continuity and Contingency Planning
- Emergency Preparedness
- Exercise and Simulation
- Control Frameworks
- Cybersecurity Maturity Model Certification (CMMC)
- NIST SP 800-53
- NIST SP 800-171
- Enterprise Information Systems Security Oversight
- Governance and Compliance
- Federal Information Security Management Act (FISMA) Support
- Health Insurance Portability and Accountability Act (HIPAA) Support
- Payment Card Industry (PCI) Standards
- Information Assurance Inspections and Audits
- Risk Management Framework (RMF)
- Security and Audit Frameworks and Methodologies
- Control Objectives for Information and related Technology (COBIT)
- Information Technology Infrastructure Library (ITIL)
- ISO/IEC 27002:2013 Compliant Solutions
- Risk Assessment
- Training and Awareness Programs
- Vulnerability Assessment and Penetration Testing