
Our technical controls review can be a bundle of any individual services. By combining multiple service offerings into a single controls review, clients can save on the costs of multiple assessments in the future. Not sure what services you need? Our experienced sales staff can help.

Internal Vulnerability Assessment - (IVA)

Our technical vulnerability assessment provides your organization with a clear understanding of technical risks present on your internal network. Many organizations face a number of threats from internal sources, including disgruntled, careless, or bored employees, as well as threats that originate from external sources and exploit weaknesses in internal network controls, such as weak, poor or misconfigured systems and applications.

External Vulnerability Assessment - (EVA)

Our External Vulnerability Assessment provides your organization with an understanding of the risks present on your systems with an Internet presence. External threats are those posed by external sources such as hackers, viruses, and trojans to your systems that are accessible via the Internet. Typical systems include firewalls, routers, VPN concentrators, web sites, email, and domain name servers. Testing will enumerate vulnerabilities and identify possible threats that the vulnerabilities pose.

Active Directory Security Review - (ADSR)

In most organizations, Windows Active Directory is a foundational security control. Surprisingly, many companies never bother to check if their AD environments are properly hardened. Frequently, security features that can be enabled through security groups, file share permissions, and group and local policy are missing or inadequate. Our review focuses on how the organization uses AD security and how it compares to recommended best practices.

Password Strength Review - (PSR)

Are your password policies sufficient? Is it possible for a malicious hacker or insider to compromise passwords for sensitive systems or other users? We can perform testing to determine if your systems' passwords are appropriate and adequately hardened against common attacks.

Wireless Network Assessment - (WNA)

Wireless networks, by their very nature, are accessible without needing physical access. Has your organization properly hardened its wireless environment? Have you checked for unauthorized Wi-Fi access points in your environment? Our wireless network assessment focuses on the appropriate security hardening mechanisms that should be employed and tests whether they are configured properly.


Our Information Security Managerial Controls Review (MCR) assesses the organization's security program. E3 evaluates the organization's adherence to a desired standard. IT managerial and operational controls should set the tone for the organization with regard to information security.

For nearly 20 years, E3 has been providing credit unions with gap assessments for their IT controls based on FFIEC, NCUA and state examination standards.

Some of the more common gap assessments we provide are:

NCUA/FFIEC

Unified FFIEC

ISO 27002

NIST 800-53

NIST Cyber Security

NIST 800-171


The E3 Penetration Testing service takes vulnerability testing an additional step by exploiting any found vulnerabilities and attempting to gain access to systems. Using commonly accepted practices for penetration testing, we attempt to identify and exploit target systems and exfiltrate data.

Internal Penetration Testing - IPT

External Penetration Testing - EPT

Web Application Penetration Testing - WAP


Spear Phishing Social Engineering Testing


Voice Social Engineering Testing


Onsite Social Engineering Testing

The E3 Social Engineering Testing evaluates whether adequate physical security exists and employees are properly trained to prevent unauthorized access to sensitive information. These simulations help heighten staff awareness of potential real-world threats that may target them. Sensitive information may include, but is not limited to, items like backup tapes, removable media, statements, reports or paper with sensitive customer information, or physical access to the institution's Local Area Network.

Social engineering simulations are clearly designed to evaluate the institution as a whole and not to single out inadequate employee performance.


Physical Security Review

Whether you need a ground-up physical security assessment or simply want to assess employees' adherence to clean desk requirements, we can help assess the physical security risks your organization faces. Depending on the scope desired, we can review the organization's physical security controls in the following areas:

  • Policies and Procedures around physical access

  • Physical Management / Electronic Key Management

  • Key log reviews

  • Dual control

  • Fire suppression

  • Auxiliary and backup power

  • Camera placement and coverage

  • IDF and Data Center security controls

  • Clean desk walkthrough



Risk Assessment

The Risk Management process requires that Management identify, assess, measure, mitigate, and monitor those risks that may be present due to the type of services offered and the systems employed to deliver those services. Generally, scoped-out risk assessments are asset-focused and qualitative in nature. In a qualitative approach, we will assign a rating to each risk and countermeasure that is derived from a consensus opinion of E3 and the organization being tested. We will develop scenarios to lay out the possible threats and their potential likelihood and impact. We then factor in compensating and mitigating controls to determine the residual risk the organization may have with regard to its critical assets.