Security Assessments - A cybersecurity assessment examines your security controls and how they stack up against known vulnerabilities. It's similar to a cyber risk assessment, a part of the risk management process, in that it incorporates threat-based approaches to evaluate cyber resilience.
Consulting - A cybersecurity consultant doesn't work for one company exclusively, but rather is hired by a client to test the organization's cybersecurity measures, and then design and implement a better defense.
Penetration Testing - A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. ... Insights provided by the penetration test can be used to fine-tune your security policies and patch detected vulnerabilities.
Audit and Compliance - A cyber security audit framework addresses how well your company identifies, detects, protects against, responds to and recovers from breaches and other incidents. Specifically, document compliance in the following areas: risk management, including hardware, software, assets and system interconnections.
Vulnerability Scanning - A vulnerability scan is an automated technology that attempts to identify vulnerabilities in your environment. A scan involves using a tool, such as Nessus or Qualys, to run through a long list of checks to determine if you're affected by the vulnerabilities in their respective databases.
Incident Response - Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Build Review - A build review assesses the operating system and device configuration and settings against industry benchmarks. Typical build reviews include operating system version and patch checking and third-party software reviews.
Security Architecture - Cybersecurity architecture, also known as “network security architecture”, is a framework that specifies the organizational structure, standards, policies and functional behavior of a computer network, including both security and network features.
Source Code Review - Source code security analysis (source code review) is the examination of an application's source code to find errors overlooked in the initial development phase. A tester launches a code analyzer that scans the application's code line by line.
Risk Assessments - A cyber security risk assessment identifies the information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data and intellectual property). It then identifies the risks that could affect those assets.
Social Engineering - Social engineering is the art of manipulating people so they give up confidential information. ... Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.