External Vulnerability Assessment / Penetration Testing (EVA/PT)
Following the CastleGarde assessment methodology, an External Vulnerability Assessment and Penetration Testing (EVA/PT) is performed in four stages:
Evaluation, Exploitation, and
External Vulnerability Assessment Phases
Passive Information Gathering
This portion of the assessment entails engineers gathering information about the credit union that is publicly available and using applications that identify all devices within the scope of the IP ranges provided by the client.
Technical testing uses a myriad of industry-proven penetration testing tools to scan every device on the client’s network for known or possible vulnerabilities.
Evaluation, Exploitation, and Validation
During this part of the assessment, engineers actively validate each and every result discovered in the previous steps of the assessment, per the client’s management approval. Engineers also attempt penetration activities on all network devices with the goal of obtaining unauthorized application, device, and/or network entry, and the unauthorized discovery of Sensitive Member Information.
This part of the assessment is where engineers gather and organize the testing results which include assessment findings and recommendations based on regulations, policies, standards, procedures, and industry best practice guidelines. In this final phase, the assessment team is able to determine the organization’s security risk profile. The ensuing report provides management with the tools it needs to make accurate decisions with respect to the acceptance, avoidance, or assignment of risks identified.