TrustCC, Information Security Consulting & Compliance

• Home
• Industries
  • Financial Services
  • Healthcare
  • Retail
  • Government
  • Service Providers
  • Public Companies
  • Higher Education
  • Professional Services
• Solutions & Services
  • IT Compliance
    • GLBA Compliance
    • HIPAA Compliance
    • SOX 404 Compliance
    • PCI DSS Security Preparedness
    • TG-3 PIN Security
  • IT Audit
    • General Controls Audit
    • FFIEC Audit
  • IT Security Testing
    • Comprehensive Security Assessment
    • Penetration Testing
    • Mainframe Security
  • IT Policy and Program
    • Information Security Risk Assessment
      
    • Incident Response
    • IT Security and Compliance Training
    • Business Continuity Planning
    • Policy and Procedure Development
• Resources
  • Articles
  • Checklists and Samples
  • Presentation Materials
  • Case Studies
    • Penetration Testing Case Study
    • Social Engineering and Phishing Case Study
    • Outsourced IT Audit Case Study
    • Policy Development Case Study
  • Partners
  • Useful Links
• Company Info
  • The TrustCC Advantage
  • Management Team
  • Security/Audit Vendor Due Diligence
  • TrustCC's Internal Controls
  • Client Demographics
  • Code of Ethics
  • Job Openings
  • Contact Us
• News & Events
  • News & Press
  • Seminars and Training

Penetration Testing

Security assessments pinpoint vulnerabilities and demonstrate threats so organizations can understand and manage their risks. Many regulations require/recommend some form of vulnerability and penetration testing. For example:

"Regularly test the key controls, systems and procedures of the information security program. The frequency and nature of such tests should be determined by your risk assessment. Tests should be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs." - GLBA

"Evaluation - Perform a periodic technical and non-technical evaluation... that establishes the extent to which an entity's security policies and procedures meet the requirements of this sub-part." - HIPAA

Designed For:

• Organizations of any size and from any industry who want to pinpoint their vulnerabilities so they can prioritize and provide resources to managing security risks.
• Organizations that need a third party’s review and evaluation of their security measures, including penetration testing, in order to remain compliant.

What We Typically Provide:

• Footprinting: Gather information about an organization to identify targets, boundaries and public information.
• Fingerprinting: Use this information to detect and scan deeper in the organization in order to identify likely vulnerabilities.
• Attack: Exploit all found vulnerabilities using technical and non-technical social engineering and by escalating privileges.
• Information Gathering: Demonstrate our access to sensitive non-public information.

How You Benefit:

• Know Your Risks: You will know where you have risks and will be able to prioritize your security and controls initiatives to address matters of greatest priority.
• Demonstrate Your Controls: You will know that your security controls are implemented correctly, operating as intended and producing the desired outcome.
• Comply with Regulators: Our Assessments are designed to meet the regulatory requirements to test and evaluate key controls.