Wednesday, February 4, 2009

First Posting - Quick Overview

Welcome to the NWN Security blog site. I hope to use this site and its related Twitter account to distribute updates about NWN's Security Testing, Assessment and Response practice. Rather than talking about what this blog will contain, I'll just start and hope you get the idea.

As many of you know, NWN has created a new practice that focuses exclusively on security testing, security assessments, regulatory compliance, incident response and computer forensics - thus "Security Testing, Assessment and Response" or STAR. For those of you not familiar with what we do, I'll give you an overview.

"Security Testing" focuses mainly on reviewing security from an attacker's perspective. This includes things like vulnerability scanning, war dialing, war driving, social engineering, physical security and full penetration testing. Basically, we try to break into customer networks to test their security.

"Security Assessment" tends to operate from a more trusted perspective. We work with our customers reviewing the configuration of systems and devices, their network architecture, Active Directory, security technology, security policies and security operations to determine overall security effectiveness. Assessments can also take the form of formal audits where NWN collects evidence of proper security and provides our customers with PASS/FAIL grades.

"Incident Response" involves identifying and confirming the attack or compromise, containing the problem, cleaning up the mess and finally, restoring normal business operations. It can include formal computer forensics investigations, either in conjunction with law enforcement or not.

Any and all of these services can be directly related to regulatory compliance (e.g. PCI, SOX, GLBA, HIPAA, 21 CFR Part 11, etc.) or they can be based on industry standards such as the ISO 27000 series.

Well, that's about all for now. Check back periodically for more updates. I hope to get to this on at least a weekly basis. If you have any questions, concerns, comments or need anything from me, don't hesitate to reach out.

Thanks,

Kevin
