Backbone Security offers assessment and consulting services to organizations of all sizes across diverse industries. Our projects are delivered by highly skilled consultants using proven methodologies that are customized to address the unique business objectives, risk profile, and compliance requirements of each client. We utilize our extensive experience and information security expertise to help you identify, understand and remediate security weaknesses and vulnerabilities related to people processes, and technology.
Enterprise Information Security Assessment
- Automated scans and manual testing to determine technical vulnerabilities of external and internal systems and network devices.
- Platform-based analysis of security controls on representative sample of key systems and network devices.
- Interviews with operational personnel to review architecture and discuss internal processes and procedures related to information security
- A high-level assessment of the current information security program as aligned against the backdrop of leading practices such as the ISO 27001 Information Security Standard.
Penetration Testing and Vulnerability Assessment
- Automated scans and manual testing to determine technical vulnerabilities of external and/or internal systems and network devices.
- Internal and external penetration testing to validate physical and logical security controls and assess security awareness, intrusion detection, and incident response capabilities.
Web Application Security Assessment
- Interviews to review the application’s business function, architecture, technology platform, and critical processes including development, maintenance, and operations.
- Automated and manual testing to identify Web application vulnerabilities from the perspectives of both an authenticated user and a potential attacker with no provisioned access.
Wireless Network Security Assessment
- Review and analysis of wireless architecture design and sample access point configurations.
- On site analysis and assessment to determine signal exposure/leakage, information disclosure, rogue access points, weak protocols, and wireless security vulnerabilities.
Security Policy Review and Development
- Review of existing security policy documents to conduct a gap analysis that is based on industry accepted frameworks and identifies deficiencies in security policies and business processes.
- Augmentation of existing documentation to address policy gaps and to align policy with existing business processes while incorporating leading practices to enforce business objectives and regulatory requirements.
Business Continuity Planning
- Contingency Planning - Indentifies threats and vulnerabilities to your business IT Systems.
- Incident Response Planning - Protection against and recovery from cyber attacks.
- Disaster Recovery Planning - Quick, efficient recovery of IT capabilities following natural disasters.