INFORMATION SECURITY DISCUSSION © 2015 Trojan Horse Security Inc., all rights reserved

Upload: alexandra-ross

Post on 19-Jan-2016

What Keeps Our Clients Up at Night?

Security tops every major CIO priority survey

Biggest Concerns:

• Are you worried about a headline-making breach involving sensitive customer data?

• Are you concerned with government requirements around protection of personal data?

• Will you meet compliance requirements?

• Do you have sufficient security IT resources and partners to manage your security and compliance needs?

• Have you included security in your latest hosting, recovery, and cloud initiatives?

• Have you validated your security gaps and do you have a plan to correct and mitigate vulnerabilities?

• Are your web applications secure?

• How do you manage intrusion detection and alerting, log capture and storage, and employee web usage, among other technology needs?

• Are you cyber resilient?

Why Trojan Horse Security Inc. for Security?

• THS has a team of the best information security consultants in the business.

• THS offers a full spectrum of information security services.

• THS consultants are experts at building infiltration and have infiltrated top, high-security facilities.

• THS specializes in corporate security and prides itself in only employing the world's top information security consultants. All THS consultants have over 10 years' experience and are industry leaders. They have all, at one point in time, worked for a major consultancy in a senior role.

• THS is consultant-owned and as such is able to give the most dedicated service and still outbid any other consultancy – guaranteed.

Security Elevator Pitch & Proof Points

Trojan Horse Security is built on 3 pillars:

Quality

• Senior level consultants with a minimum of 10 years' experience each

• Industry leaders with global experience

• Credentialed employees (CISSP, QSA, CEH, etc.)

• Physical security services conducted by former Secret Service Presidential Detail, Black-Ops and Seal Team Six.

• Media coverage

Value

• Low overhead means flexible consulting rates

• Ability to offer low introductory rates

• High Quality to Price ratio = Value

Service

• Responsive communications

• Old fashioned “customer is always right” attitude

• Custom tailoring according to individual client needs

Security Consulting Offering (Line Item View)

Remediation

Security PMO

► Security Staff Augmentation

► Continuous Advisory Assistance

► Process/Policy Development

Staff Augmentation

► Incident Handling & Forensics

► Implementations

► Training

► Architecture Segmentation

► Breach Detection

Project-Based Engagements

Controls-Based Assessments

► PCI Assessment

► Formal Report On Compliance

► ASV Scanning

► Remediation Services

► PCI Design Assistance

► Audit Prep

► Continuous QSA

PCI

► HIPAA Assessment

► Design and Remediation Services

► PII Scanning

HIPAA

► Enterprise Assessment

► Security Framework Roadmap

► Baseline Assessment Lite

ISO 27002:2013 / NIST 800-53

Technical-Based Assessments Services

► Internal Testing

► External Testing

Penetration Testing

Vulnerability Assessments

► Web Application Assessment “Black Box” Business Logic

► Web Services Assessment

Web Application Testing

► Application Code Review “White Box” Tests internal structures of application

Code Reviews

► Vulnerability Assessment

► Internal Testing

► External Testing

Strategy

► Virtual CISO

► Security Roadmaps

► Security Policy Development

Strategy

► Business Process Integration

► Security Frameworks

Design

Data Governance

► Security Risk Assessment

► Targeted Readiness Assessment

Risk Assessment

► Program Management and Design

Program Assistance

Cyber Resilience Program

Cyber security strategy review

Incident management assessment and exercise

On-call forensic response retainer

Breach indicator vulnerability assessment

Vendor management and sampling evaluation

Trojan Horse Security develops and enhances cyber security capabilities to provide better assurance against security breaches and vulnerabilities and to provide real-time expertise in the event of an actual breach or attack.

Cybersecurity strategy review. Assess organizational information security program against NIST cybersecurity framework and align to ISO 27002 standard with an output consisting of a milestone-based roadmap to be leveraged as the cybersecurity strategy moving forward.

Incident management assessment and exercise. Assess overall cyber ability to respond to threats and incidents with focus on communications, existing and consistent processes, organizational flow, and required to-be state.

On-call forensic response support and retainer. Incident response support as necessary based on client alerts and declarations to provide real-time support to breaches.

Breach indicator vulnerability assessment and penetration testing. Quarterly onsite review of client IT landscape for vulnerabilities, malware, incident residue, persistent threats, and other unseemly activities and reoccurring penetration testing.

Third party / vendor risk assessments. Provides an independent perspective that addresses management or board level concerns. Identifies areas of risk relative to individual 3rd parties that can be evaluated internally for subsequent action.

What can you do about security challenges?

Client’s guide to a secure organization

► Conduct compliance “gap analysis” to identify security needs

► Develop an overarching information security program

► Focus on prescriptive standards like PCI DSS

► Perform periodic compliance validation

► Utilize MSSP or SaaS solutions supported by 24x7 security experts to augment current resources

► Leverage a trusted managed services provider to handle the difficult security operations tasks:

• Patching

• Antivirus

• SOC

• DDOS Prevention

Penetration Testing Methodology

To learn more visit: www.TrojanHorseSecurity.com or call us on (202)-507-5773

Trojan Horse Security Inc.
2200 Pennsylvania Avenue NW
4TH Floor East
Washington, DC 20037

Confidentiality Statement & Disclaimer

This document contains Trojan Horse Security confidential or proprietary information. By accepting this document, you agree that: (A)(1) if a pre-existing contract containing disclosure and use restrictions exists between your company and Trojan Horse Security, you and your company will use this information subject to the terms of the pre-existing contract; or (2) if no such pre-existing contract exists, you and your Company agree to protect this information and not reproduce or disclose the information in any way; and (B) Trojan Horse Security makes no warranties, express or implied, in this document, and Trojan Horse Security shall not be liable for damages of any kind arising out of use of this document.

© Trojan Horse Security Inc. 2015. All rights reserved. No parts of this document may be reproduced, transmitted or stored electronically without Trojan Horse Security Inc. prior written permission.