Hire an ethical penetration tester!
An ethical or "white hat" hacker is an excellent way to analyze your system's vulnerabilities from the outside. Companies are electronically attacked daily. One only needs to read the technology headlines on any major website to see how serious this issue has become in our computer-reliant world. And the hacking attempts don't just come from the outside. It is estimated by the CSI/FBI that 60% of all computer crime attempts are committed by internal employees. For this reason, all of your systems need to be as secure as those you place on the Internet.
How does Information Risk Group perform its analysis?
Info Risk Group's proprietary Attack and Penetration Methodology (APM) is designed to provide maximum results with minimum system impact. Working closely with your staff, our security team attempts controlled penetrations of your networks and other points of access. Controlled penetrations are designed to due no harm to your systems. If at any time either IRG believes that a system or network may be placed in an unstable state, IRG will request specific permission to continue before moving forward with the attack from the customer. This ensures maximum uptime for your systems and prevents outages that may affect your company's customers.
The following 4 steps outline how IRG performs this service.
- Identify and Confirm - Systems to be assessed to ensure we are working solely with the systems outlined in the contract.
- Externally Assess each system through a "footprint" analysis.
- Attempt targeted penetration and intrusion on discovered networks, systems, and applications.
- Verify and report on all findings
What results can you expect?
Info Risk Group staff remains in contact with the customer throughout the entire engagement. In the event a serious misconfiguration or vulnerability is discovered it will be immediately reported to the customer for remediation. All findings are verified to the best of our ability to prevent "false positive" reporting. IRG also rates each finding on two levels: ease of repair and difficulty in executing an exploit. This allows you to concentrate on which problems you can fix given your resources.
Please contact us with any questions you may have on this subject or any other service Info Risk Group offers.
Offering Information Security and Risk Management services to companies throughout the Americas.