
Consulting and Compliance Services

PCI v3.2.1 Compliance Gap Analysis 
Any entity processing credit cards is currently required to be compliant with PCI DSS 3.2.1.

HIPAA Security Compliance Gap Analysis 
A requirement for any organization storing, creating, or processing personal health care records for living patients.

GDPR Compliance Gap Analysis 
A European Union privacy requirement. This assessment, also called a Data Protection Impact Assessment (DPIA), measures compliance against GDPR.

NIST 800-53/171 Compliance Gap Analysis 
Typically, organizations that deal with the U.S. Federal government work to be compliant with NIST Special Publication 800-53. In addition, if Controlled Unclassified Information (CUI) is in use or created, your organization may be required to be DFARS (Defense Federal Acquisition Regulation Supplement)-compliant. This typically impacts research universities, defense contractors, and supporting organizations.

FERPA Data Security Gap Analysis 
The Family Educational Rights and Privacy Act is in place to protect student records, focusing mostly on the handling of records and their security and integrity.

FISMA Security and Privacy Assessment

NYS DFS Compliance Gap Analysis
Any organization dealing with financial transactions and operating within the state of New York has a requirement to be compliant with NYS DFS 500. This also requires the organization to have a CISO or a third party assigned the role as a virtual CISO.

California Consumer Privacy Act (CCPA) Compliance Gap Analysis

Security Risk Assessment 
Aimed at reviewing your organization’s environment and providing a findings assessment and remediation roadmap to improve your security program.

Program Maturity Assessment
Review of your organization’s infrastructure, regulatory compliance program, and staffing skillset; provides feedback in the form of a 1-3 year improvement plan.

ISO Readiness Assessment 
An assessment aimed at identifying any gaps between your organization’s existing environment and one certified by ISO, typically ISO 27001 – Information Security Management.

CIS Top 20 Gap Assessment 
A security framework aimed at assisting your organization in the development of a security program that targets critical requirements first to improve security quickly.

Policy Review and Creation 
This program reviews policies for required design controls and creates missing policies, where needed.

Business Continuity and Disaster Recovery Planning 
A regulatory compliance requirement and a part of all security frameworks, Business Continuity and Disaster Recovery planning helps your organization understand the requirements and processes needed to return an organization to a pre-incident state.

Virtual Chief Information Security Officer (vCISO) 
Aimed at organizations without a security program or that have an immature program, the vCISO delivers services required to develop a security program and increase maturity to deal with regulatory and other security needs.

Incident Response Playbook Development 
All organizations need a run book in order to respond to a variety of events and incidents. This program is designed to deliver an IR Plan tailored to your organization’s needs and skillset. 

Assessment Services

Vulnerability Assessments
Do you know where your exposures are and how to eliminate them? The ePlus Security Vulnerability Assessment scans your network-connected devices and applications, identifies port exposures and other vulnerabilities, ranks vulnerabilities based on risk to your business, and provides a roadmap for remediation.

Penetration Testing
How easily could a hacker penetrate your defenses? If you don’t know, ePlus’ Penetration Testing Assessment will help you find out. We mirror techniques used by hackers to exploit both technology and human vulnerabilities in your environment. We identify areas where your defenses are weak and your systems and data are at risk, so you can take action to prevent potential breaches.

Web Application Assessment
Hackers are adept at exploiting vulnerabilities in web applications. Using automated and manual processes that include commercial, open source, and internally developed ePlus tools, our Web Application Assessment focuses on identifying web application specific vulnerabilities so you can eliminate exposures before a problem occurs.

Application Code Review Assessment
Catching code problems early can prevent exposures later. Using a combination of automated static code analysis tools and manual validation of data, the ePlus Application Code Review Assessment identifies potential flaws in code that would result in vulnerabilities in later stages of the Software Development Lifecycle (SDLC).

Wifi Vulnerability Testing

Social Engineering/Physical Security Assessment
ePlus’ Social Engineering/Physical Security Assessment consists of several types of campaigns: red team physical attacks, email phishing, and vishing. Each campaign is designed to show you how weak or strong your internal and external security controls are and how you can improve security awareness.

Active Directory Security Assessment
The ePlus Active Directory Security Assessment is a comprehensive review of Active Directory configuration and Group Policy Objects (GPO) and their affiliated Organizational Units (OU), groups, computers, users, and service accounts.

Phishing Exercise

Firewall, Router and Switch Assessment
The ePlus Firewall, Router, and Switch Configuration Assessment helps you identify any configuration vulnerabilities in your environment that result in compliance violations or, if exploited, could impact the security, availability, or performance of your network.

Compromise Assessment
Looks for signs of malware and other behaviors that can indicate an undetected breach. Examines network traffic for suspicious communications and files traversing the network.