Importance

Performing penetration testing and vulnerability assessments, is not only an important aspect to information security, but also a regulatory requirement according to FFIEC standards.  Penetration testing is a tool that can evaluate the security of your infrastructure at a certain point in time.  Information attained from the test will only help increase the strength of your network.  Our penetration tests act as a method of evaluating your network using a simulated real world penetration attack.  With our detailed reporting, your institution has the ability to pin point critical patches and security resources that need to be addressed.  


Penetration testing Benefits

  • Meet regulatory requirements
  • Avoid costly network downtime
  • Justify security funding
  • Uphold Company reputation
  • Give customers confidence they deserve 

Testing

Our tests are conducted in accordance with the agreed upon terms between us and our client.  Once these terms are agreed, we proceed with a four step testing process:

  1. Request of information from the client
  2. Conduct the test
  3. Review the results
  4. Draft a report for the client


Reporting the results to the client is an important aspect of our testing.  Unlike many competitors, we take the time to sift through the testing results, we determine what information is pertinent to the client,and then we recommend the appropriate changes, and actions to accomplish those changes. This tailored reporting process is very beneficial to our clients, as we make ourselves available for questioning, and assisting the client with correcting any issues that were found. 

Methodology

Our Penetration Testing process is derived from the following accredited sources:

  • Institute for Security and Open methodologies (ISECOM)
  • Open Source Security Testing Methodology (OSSTM)
  • National Institute of Standards and Technology (NIST)
  • ISACA - Standards for Information Systems Auditing

Overview

  • Network Penetration Testing is an integral part of evaluating the effectiveness of a comprehensive Information Systems Security Policy. It is designed to identify incorrect firewall configurations and system vulnerabilities that might otherwise be exploited by a remote attacker to access internal information systems. If vulnerabilities are uncovered in a Penetration Test, it is indicative of systematic flaws in the Security Policies and Procedures that must be addressed.


  • We recognize that without effective Information Systems Security Policies and Procedures, a Penetration Test is just a snapshot of the network security configuration at a point-in-time. We recommend a comprehensive IT Security Review to analyze internal information systems policies, procedures, and controls. 


  • NavisPro specializes in Security Analysis and IT Reviews for financial institutions. We have developed an External Network Penetration Testing process that demonstrates the effectiveness of the institutions security policies and procedures and satisfies regulatory requirements of the FFIEC/FDIC/OCC. 


  • We offer our Penetration Test as an independent stand-alone assessment of the security of your information systems from external threats of penetration. If your security policies and procedures are already being reviewed, we can conduct a penetration test to satisfy regulatory requirements and to help you rest easier by identifying and remedying system vulnerabilities or confirming your current policies and procedures are an effective means of mitigating information security risk.  


  • We are also able to conduct a comprehensive IT Security Review and offer the Penetration Test in conjunction with that. For more information on NavisPro's IT Security Review, please click here. 


Penetration Testing