INFORMATION SECURITY ASSESSMENT SERVICES
E3 offers a comprehensive spectrum of services that help organizations assess and manage risk with confidence.
Technical Controls Review
Our technical controls review bundles several of the individual services described below into a single engagement. Combining them in one controls review is less expensive than commissioning each assessment separately later. If you are unsure which services you need, our experienced sales staff can help you scope the review.
Our internal technical vulnerability assessment gives your organization a clear understanding of the technical risks present on your internal network. Many organizations face threats from internal sources, including disgruntled, careless, or bored employees. External attackers who gain a foothold inside the network also exploit weaknesses in internal controls, such as weakly configured or misconfigured systems and applications, so these weaknesses present risk regardless of where an attack originates.
Our External Vulnerability Assessment gives your organization an understanding of the risks present on systems with an Internet presence. External threats are those posed by attackers and malware (viruses, trojans) against systems reachable from the Internet. Typical systems include firewalls, routers, VPN concentrators, websites, email servers, and domain name servers. Testing enumerates the vulnerabilities on these systems and identifies the threats each vulnerability exposes you to.
In most organizations, Windows Active Directory is a foundational security control, yet many companies never verify that their AD environment is properly hardened. Frequently, controls that are enforced through security group membership, file share permissions, Group Policy, and local policy are missing or inadequate. Our review examines how the organization uses AD security and compares it against recommended best practices.
Are your password policies sufficient? Could a malicious outsider or insider compromise the passwords of sensitive systems or other users? We test whether your Windows Active Directory password policy is adequate and whether user passwords are hardened against common attacks such as guessing and offline cracking.
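One check a practitioner would run before (or instead of) cracking any hashes is to compare the domain's effective password policies against a minimum baseline. The script below is an added example, not E3's tooling or any code from the original page: it reads the default domain policy and every fine-grained policy with the standard ActiveDirectory module and flags settings below an assumed baseline (the `$Baseline` thresholds are assumptions for illustration, not a standard quoted on this page). It also lists enabled accounts that are exempt from the policy entirely.

```powershell
# Added example: audit AD password policy settings against an assumed baseline.
# Requires the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Assumed baseline values (illustrative, adjust to your own standard).
$Baseline = @{
    MinPasswordLength    = 14    # characters
    PasswordHistoryCount = 24    # remembered passwords
    LockoutThreshold     = 10    # bad attempts before lockout (0 = never)
    MaxPasswordAgeDays   = 365   # 0 = never expires
}

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,   # object from Get-AD*PasswordPolicy
        [Parameter(Mandatory)] [string] $Name
    )
    $findings = @()

    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "MinPasswordLength is $($Policy.MinPasswordLength), baseline $($Baseline.MinPasswordLength)"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += "Password complexity is disabled"
    }
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "PasswordHistoryCount is $($Policy.PasswordHistoryCount), baseline $($Baseline.PasswordHistoryCount)"
    }
    # LockoutThreshold 0 means accounts never lock out, which permits unlimited online guessing.
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $findings += "LockoutThreshold is $($Policy.LockoutThreshold), baseline <= $($Baseline.LockoutThreshold) and not 0"
    }
    # MaxPasswordAge is a TimeSpan; TotalDays 0 means passwords never expire.
    if ($Policy.MaxPasswordAge.TotalDays -eq 0 -or $Policy.MaxPasswordAge.TotalDays -gt $Baseline.MaxPasswordAgeDays) {
        $findings += "MaxPasswordAge is $($Policy.MaxPasswordAge.TotalDays) days, baseline <= $($Baseline.MaxPasswordAgeDays) and not 0"
    }
    # Reversible encryption stores passwords in a recoverable form; it should never be on.
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += "Reversible encryption is enabled"
    }

    [pscustomobject]@{
        Policy   = $Name
        Findings = $findings
    }
}

# 1. Default domain policy.
$results = @()
$results += Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) -Name 'Default Domain Policy'

# 2. Fine-grained password policies (PSOs) override the default for the groups they apply to,
#    so a weak PSO on a privileged group undoes a strong default.
Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object {
    $results += Test-PasswordPolicy -Policy $_ -Name "PSO: $($_.Name) (precedence $($_.Precedence))"
}

# 3. Enabled accounts that bypass the policy altogether.
$exempt = Get-ADUser -Filter { Enabled -eq $true -and (PasswordNotRequired -eq $true -or PasswordNeverExpires -eq $true) } `
    -Properties PasswordNotRequired, PasswordNeverExpires |
    Select-Object SamAccountName, PasswordNotRequired, PasswordNeverExpires

# Report.
foreach ($r in $results) {
    Write-Output "== $($r.Policy) =="
    if ($r.Findings.Count -eq 0) { Write-Output "  no findings" }
    else { $r.Findings | ForEach-Object { Write-Output "  [!] $_" } }
}
Write-Output "== Enabled accounts exempt from policy =="
$exempt | Format-Table -AutoSize
```

Run it from a domain-joined workstation with RSAT installed. A clean policy report does not mean passwords are strong: policy constrains length and complexity, not predictability, which is why the review pairs this check with testing actual passwords against common attacks.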
Wireless networks are, by their nature, reachable without physical access to your premises. Has your organization properly hardened its wireless environment? Have you checked for rogue Wi-Fi access points in your environment? Our wireless network assessment identifies the security hardening mechanisms that should be in place and tests whether they are properly configured.
Managerial Controls Review
Our Information Security Managerial Controls Review (MCR) assesses the organization's security program by evaluating its adherence to a chosen standard. IT managerial and operational controls set the tone for the organization regarding information security.
For 20 years, E3 has provided organizations with gap assessments of their IT controls based on FFIEC, NCUA, and state examination standards.
Some of the more common gap assessments we provide are:
Penetration Testing
The E3 Penetration Testing service takes vulnerability testing a step further: we exploit the vulnerabilities we find and attempt to gain access to systems. Using commonly accepted penetration testing practices, we identify and exploit weaknesses, gain access to target systems, and demonstrate the exfiltration of data.
Physical Security
We can help assess the physical security risks your organization faces, whether you need a ground-up physical security assessment or simply a check of your employees' adherence to clean desk requirements. Depending on the scope desired, we review the organization's physical security controls in the following areas:
Policies and procedures around physical access
Physical and electronic key management
Key log reviews
Dual control
Fire suppression
Auxiliary and backup power
Camera placement and coverage
IDF and data center security controls
Clean desk walkthrough
Risk Acceptance
The risk management process requires that management identify, assess, measure, mitigate, and monitor the risks that arise from the services offered and the systems used to deliver them. The risk assessments we scope are generally asset-focused and qualitative. In a qualitative approach, each risk and countermeasure is assigned a rating derived from the consensus of E3 and the organization being assessed. We develop scenarios that lay out the possible threats, their likelihood, and their impact, then factor in compensating and mitigating controls to determine the residual risk to the organization's critical assets.
Social Engineering
Spear Phishing Social Engineering Testing
To test the effectiveness of security awareness training, E3 designs a custom spear-phishing email campaign targeted at your staff.
Voice Social Engineering Testing
To test the effectiveness of security awareness training, E3 develops a custom telephone call scenario (voice phishing) aimed at your staff.
Onsite Social Engineering Testing
E3 Onsite Social Engineering Testing evaluates whether adequate physical security exists and whether employees are trained to prevent unauthorized access to sensitive information. These simulations heighten staff awareness of the real-world threats that may target them. Targets include, but are not limited to, backup tapes, removable media, statements, reports, or paper containing sensitive customer information, as well as physical access to the institution's Local Area Network.
Social engineering simulations are designed to evaluate the institution as a whole, not to single out individual employees for inadequate performance.