We include the key assessment activities you need in our flagship Virtual Security Team service. However, if you only need one-time or on-going information security testing, we can help. We offer network vulnerability scans as well as network, application, and facility penetration testing. We also do social engineering engagement, including phone pre-texting and phishing tests. We can also help you perform a risk analysis or evaluate compliance.
These are two of our most popular assessments…
HIPAA Security Assessment
Our HIPAA security assessment is thorough but super-efficient. For smaller organizations, we can complete an assessment in just 1 week — you’ll have an actionable report and the clear view of HIPAA compliance that you’ve wished for. We understand the HHS OCR audit protocol and cover it in our engagement, but our assessment blends security good practice with HIPAA requirements, too. That’s important because compliance and security aren’t the same thing. We’ll show you what you’re doing well and where we see problems, and we’ll explain what you can do to close any gaps we find.
Network Penetration Test
Our penetration test includes both external and internal network vulnerability scans but it’s a lot more than just a scan. We test how hackers may get in and what they could do if they were inside, using automated and manual techniques to identify and validate network, system, and application vulnerabilities. We give you both “black box” and “white box” perspectives.
We’ll start with a “black box” open source intelligence search to show what attackers can learn about your organization. We share this information with you, map your entire network to define your “attack surface”, and then pick appropriate attack scenarios based on prime targets and weaknesses. To help you meet regulatory requirements, we align our testing with the National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment.
Our pen-test report is brief and easy-to-read. The report has a 1-page dashboard, a consolidated action item list, and tables with insights and details. We’ll include a separate addendum with screen captures and other evidence to support our findings. If you hate 300-page, computer-generated reports, you’ll love Loptr’s approach.