Navigate the Maze of Information Security …

Pondurance helps clients navigate the maze of information security requirements. Our practice managers and directors develop programs for your organization that significantly reduce risk and ensure compliance with industry regulations. We offer our expertise across three consulting practices: Information Security, Business Continuity and Regulatory Compliance.

Protect Your Business …

Businesses are attacked on a daily basis, and 92% of the breaches investigated were not difficult to execute*. Most companies have a false sense of security that they are protected from a cyber attack. Pondurance offers Enterprise Security Testing (EST) and Application Security Testing (AST) to analyze system, network and application security controls and identify weaknesses in information security controls, policies, and procedures.

Manage Your Business Risk …

Successful businesses incur information and operations risk in everything they do. Some risks are acceptable, some are not. Understanding your organization’s risk tolerance and current risk posture is what makes the difference between continued success and potential failure. Pondurance offers Threat and Risk Assessments (TRA), Business Continuity Management (BCM) and Incident Management Services (IMS) to identify, measure and mitigate information security and operational business risk. We can additionally prepare your organization to respond to adverse events that inevitably occur.

Achieve Compliance & Security …

Many businesses today are faced with the difficult choice of attaining regulatory compliance or improving their information security posture. Pondurance believes a better alternative is to implement compliance programs that improve security. Pondurance offers PCI DSS, HIPAA / HITECH, FFIEC, NERC-CIP, and ISO 27001/2 assessment services to identify areas of non-compliance with standards and to analyze the risk to your business while providing recommendations that meet your compliance and security objectives.

A Revolving Approach …

Organizations are presented with a literal maze of internal and external influences (including regulatory, legislative and contractual mandates) and technological and procedural options, all of which may prove daunting for those who seek to optimize the balance of risk and control. Life-Cycle Driven Security contemplates a revolving approach to Assess, Build and Sustain your security program, which makes it relevant to organizations venturing into the maze for the first time, as well as to those who desire to maintain an optimized critical path.

Managing Risk with Life-Cycle Driven Security

Latest Blog Post

Simplifying Vulnerability Management with Linux Hosts

Posted: May 23rd, 2013 by Landon Lewis

When it comes to vulnerability management, you want to leverage credentials to log in to the host. This allows for the detection of vulnerabilities both from a network standpoint and also by running authenticated commands that provide granular details on installed software and configuration parameters.

Typically, clients seem to have a grip on managing multiple Windows devices from a centralized authentication and management perspective. However, in environments where Windows is dominant, the management of Linux/Unix hosts seems to be lacking a parallel directory-based approach. Sure, we’ll run into environments with a team of experienced Linux/Unix hosts that tie to LDAP or even Active Directory and that makes life much easier in terms of performing authenticated scans.

How Can We Help You?

Information Security

Our team analyzes every aspect of applications, infrastructure, people, and processes to pinpoint vulnerabilities that may pose a risk to our client's organization.

Business Continuity

Pondurance reviews threats, risks and business impacts in order to foster disaster avoidance, and establish a defined risk tolerance profile.

Compliance Governance

We help your team maintain, establish, and create a successful information security program that aligns with challenging compliance regulations.

Managed Security Solutions

We provide managed security services that assist our clients in improving their information security program and meeting certain industry standards and regulatory compliance.
