Home + Solutions + Security + Security Advisory Services + Consulting and Compliance Services - Details

Consulting and Compliance Services

PCI v3.2.1 Compliance Gap Analysis 
Any entity processing credit cards is currently required to be compliant with PCI DSS 3.2.1.

HIPAA Security Compliance Gap Analysis 
A requirement for any organization storing, creating, or processing personal health care records for living patients.

GDPR Compliance Gap Analysis 
A European Union requirement for privacy, this assessment, also called a Data Protection Impact Assessment (DPIA), measures compliance against GDPR

NIST 800-53/171 Compliance Gap Analysis 
Typically, organizations that deal with the U.S. Federal government work to be compliance with NIST Special Publication 800-53. In addition, if Controlled Unclassified Information (CUI) is in use or created this may require your organization to be DFARS (Defense Federal Acquisition Regulation Supplement)-compliant. This typically impacts research universities, defense contractors, or supporting organizations.

FERPA Data Security Gap Analysis 
The Family Education Rights and Privacy Act is in place to protect student records, aligning mostly with the handling of records and their security and integrity.

FISMA Security and Privacy Assessment

NYS DFS Compliance Gap Analysis
Any organization dealing with financial transactions and operating within the state of New York has a requirement to be compliant with NYS DFS 500. This also requires the organization to have a CISO or a third party assigned the role as a virtual CISO.

California Consumer Privacy Act (CCPA) Compliance Gap Analysis

Security Risk Assessment 

Aimed at reviewing your organization’s environment and providing a findings assessment and remediation roadmap to improve your security program.

Program Maturity Assessment
Review of your organization’s infrastructure, regulatory compliance program, and staffing skillset; provides feedback in the form of a 1-3 year improvement plan.

ISO Readiness Assessment 
An assessment aimed at identifying any gaps between your organization’s existing environment and one certified by ISO, typically ISO 270001 – Information Security Management.

CIS Top 20 Gap Assessment 
A Security Framework aimed at assisting your organization in the development of a security program that targets critical requirements first to improve
security quickly.

Policy Review and Creation 
This program reviews policies for required design controls and creates missing policies, where needed.

Business Continuity and Disaster Recovery Planning 
A regulatory compliance requirement and a part for all security frameworks, Business Continuity and Disaster recovery planning helps your organization understand requirements and processes in order to return an origination to a pre-incident state.

Virtual Chief Information Security Officer (vCISO) 
Aimed at organizations without a security program or that have an immature program, the vCISO delivers services required to develop a security program and increase maturity to deal with regulatory and other security needs.

Incident Response Playbook Development 
All organizations need a run book in order to respond to a variety of events and incidents. This program is designed to deliver an IR Plan tailored to your organization’s needs and skillset. 

Assessment Services

Vulnerability Assessments
Do you know where your exposures are and how to eliminate them? The ePlus Security Vulnerability Assessment scans your network-connected devices and applications, identifies port exposures and other vulnerabilities, ranks vulnerabilities based on risk to your business, and provides a roadmap for remediation.

Penetration Testing
How easily could a hacker penetrate your defenses? If you don’t know, ePlus’ Penetration Testing Assessment will help you find out. We mirror techniques used by hackers to exploit both technology and human vulnerabilities in your environment. We identify areas where your defenses are weak, and your systems and data are at risk and vulnerable, so you can take action to prevent potential breaches.

Web Application Assessment
Hackers are adept at exploiting vulnerabilities in web applications. Using automated and manual processes that include commercial, open source, and internally developed ePlus tools, our Web Application Assessment focuses on identifying web application specific vulnerabilities so you can eliminate exposures before a problem occurs.

Application Code Review Assessment
Catching code problems early can prevent exposures later. Using a combination of automated static code analysis tools and manual validation of data, the ePlus Application Code Review Assessment identifies potential flaws in code that would result in vulnerabilities in later stages of the Software Development Lifecycle (SDLC).

Wifi Vulnerability Testing

Social Engineering/Physical Security Assessment
ePlus’ Social Engineering/Physical Security Assessment consists of several types of campaigns: red team physical attacks, email phishing, and vishing. Each campaign is designed for you to see how weak or strong your internal/external security controls are and how you can improve or increase security awareness.

Active Directory Security Assessment
The ePlus Active Directory Security Assessment is a comprehensive review of Active Directory configuration and Group Policy Objectives (GPO) and their affiliated Organizational Units (OU), groups, computers, users, and service accounts.

Phishing Exercise

Firewall, Router and Switch Assessment

The ePlus Firewall, Router, and Switch Configuration Assessment helps you identify any configuration vulnerabilities in your environment that result in compliance violations or, if exploited, could impact the security, availability, or performance of your network.

Compromise Assessment
Looks for signs of malware and other behaviors that can indicate an undetected breach. Examines network traffic for suspicious communications and files traversing the network.

Ready to learn more?

Preparation and success go hand in hand.
Connect with us or use the form.
+1 888-482-1122