Understanding your risks is fundamental to security management. Nova offers several options:
This comprehensive audit evaluates your organization’s security posture against the world’s best cybersecurity standards: ISO 27001, SOC 2 and NIST, all of which define controls to protect information:
- Confidentiality: A compromise of confidentiality is the unauthorized release or theft of sensitive information, such as theft of passwords in transit or intellectual property from a server.
- Integrity: A compromise of integrity is the unauthorized alteration or manipulation of data, such as manipulation of sensitive information or illegal alteration of data.
- Availability: A compromise of availability is the loss of access to the primary mission of a networked asset. Examples include denial of service, malicious corruption of device firmware to disable critical functionality, or deletion of important data from a file server or database.
Audit activities include: validation of controls with screenshots, policy and procedure documents, an external vulnerability scan, a site walkthrough, interviews, and a risk assessment of your information assets. Compliance with regulations such as PCI, PHIPA and PIPEDA will also be checked. A full report with recommendations will be presented.
Nova’s security team will run a vulnerability scan against all external-facing IP addresses using Nessus tools. Nova will analyze the Nessus scan results, prioritizing the ranked findings, and present a Vulnerability Assessment Report with recommendations to manage the vulnerabilities. A vulnerability scan can also be run against internal IP addresses or cloud nodes as needed.
Nova offers a variety of pen testing options but usually recommends a non-intrusive approach. Our ethical hackers will attempt to identify weaknesses and try to breach data sources such as databases, cloud, wireless and applications or file shares. Red team (attacker) vs. blue team (defender) simulations can also be run. Our team may start with phishing and social engineering to gain insight or access, which would involve your users, so we will plan this carefully with you. A full report will be presented with recommendations.