Faced with the emergence of new security recommendations and compliance requirements, in conjunction with emerging security threats to its enterprise infrastructure, a small, private advertising and marketing company needed to determine if the security features implemented by its own IT staff were properly set up and functioning as expected. Knowing that their security posture is a moving target, the company selected PROTEUS’ CyberVigilance™ solution to help identify where their weaknesses were and provide a comprehensive and objective assessment of the company’s IT assets and network environment. CyberVigilance’s™ proven assessment methodology collected security-related information across many distinct security domains and reported on the overall compliance level of the company’s security program.
Periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices, must be performed with a frequency depending on risk, but no less than annually.
The objective of this initiative was to assess the strength of the corporate infrastructure and current security posture, compare assessment results with industry best practice standards, and identify vulnerabilities that could negatively affect the company.
Pulling from its experience, PROTEUS deployed CyberVigilance™ experts and leveraged a phased approach that has proven extremely effective for testing for weaknesses in infrastructure design and improving the security posture of IT assets. CyberVigilance™ utilized automated tools, coupled with technical inspections, document reviews and observations, to audit current technologies, processes and personnel to determine the depth of its security strategy and whether each met best practice standards.
The CyberVigilance™ security experts aggregated the personnel, process, and technology data across security domains to produce a detailed report card of the compliant and no compliant security controls. The report provided a detailed analysis on the current security posture of the company’s network and recommended remediation requirements based on identified security deficiencies.
The assessment concluded that the company was at a high level of exposure after discovering several critical and directly exploitable issues within the company’s infrastructure that would allow a compromise of systems or data. Additionally, a multitude of low and medium issues ranging from simple best practices to updating third-party vendor product firmware put the company at additional risk until addressed.
Based on the weaknesses found in the infrastructure during the assessment, the company engaged PROTEUS to help develop a road map to prioritize remediation requirements based on available funding, complexity and business imperatives. CyberVigilance™ engineers have been actively working with the company to address the short-term and long-term remediation efforts.
Armed with the knowledge CyberVigilance™ provided, the company was able to further develop and refine its overall security program. The company was able to focus its limited resources and time towards higher risk areas and on quick-fix, low cost items that satisfied immediate security concerns.
It is critical to conduct objective, third-party infrastructure and security assessments on a routine basis so that, as in this example, industry best practices and protective measures that go beyond standard implementations can be applied. Leveraging CyberVigilance™, the company was able to discover several opportunities to better secure its environment and protect its IT assets and has taken the necessary steps to ensure its borders and its security patrol measures are much stronger today.
Data security is crucial for all small businesses. Data lost due to disasters such as a flood or fire is devastating, but losing it to hackers or a malware infection can have far greater consequences. How you handle and protect your data is central to the security of your business and the privacy expectations of customers, employees and partners
About PROTEUS Technologies
PROTEUS Technologies, LLC (PROTEUS), is a leading provider of high-end Cyber Solutions, SIGINT and Technology, Research & Innovation, and Embedded Engineering software services to the Intelligence Community, Federal Executive Departments, HealthCare, and Commercial Industries. PROTEUS has a proven track record of excellence and commitment to client mission success. PROTEUS Headquarters is located in Annapolis Junction, MD with satellite offices in Columbia, MD, and is the 2010 winner of the prestigious DoD Nunn-Perry Award winner, multiple annual Baltimore Business Journal “Best Places to Work” awards, and the most recent Corporate America Software & Technology Award Winner for Innovation in Software/Systems Engineering.