NEQ provides you with the comfort of knowing that your Information Security Program is effectively doing what you have designed it to do, plus recommendations of critical areas that should be included as it is compared with industry standards such as ISO-27001 and the SANS Top 20 Critical Cyber Security Controls.
To assess your program, we leverage the FoRMA Methodology and begin by scoping our services to best fit your needs and interests. We conduct selected assessment services and partner with approved Security Service Providers, and we can even include your recent IT audit and Penetration Tests in our review of your security.
You will receive a comprehensive report that is technical and easily explains the strengths, gaps and risks.
NEQ will research the key business processes and will identify the corresponding critical systems that support them using a top-down approach. This will be performed using the GAIT-R methodology and discussions with business and IT stakeholders.
NEQ will review the Information Security Policy for alignment to ISO-27001, COBIT, and industry standard policy management practices.
NEQ will review any existing security awareness efforts, perform a security awareness gap assessment of end users, provide an overall score, and highlight the weaknesses in order to help mitigate them and plan awareness campaigns.
NEQ will partner with approved Penetration Testing providers to include their results as part of the ISPAS report.
As part of our service to help you identify your core business assets, NEQ will perform a review of any existing Critical Business Inventory (which may exist for publicly traded companies for SOX compliance) or help you to develop an inventory of IT systems and IT security controls.
Our service will provide you with a validated inventory that includes the following:
We leverage the leading GAIT-R top-down methodology to ensure the IT assets are aligned with core business functions.
This will help you prioritize your response to security incidents and improve the reporting of the security value to your management.
To request this or another one of our services please
NEQ provides an Information Security Policy Assessment service to help you understand what you need to do to tune your policies, improve their visibility, ensure business alignment and ultimately instill the awareness you need to reduce incidents.
You will receive a report that provides:
End users are at greater risk from new phishing, malware and social engineering tactics every day. No matter the size of the company, big or small, cyber criminals are finding better ways to hack network databases, extract sensitive information and plunder financial services. Are your employees equipped with the knowledge and reactive habits to deal with the growing trend of phishing and other cyber attacks?
NEQ provides an Information Security Awareness Assessment service that identifies key areas of vulnerability on the end-user side through our custom and tailored security awareness assessment survey.
You will receive:
Performing a Penetration Test on your infrastructure is the best way to validate your exposures from an attacker perspective. These tests are part of our FoRMA Duality of Risk model which will confirm the balance of controls necessary to protect your critical IT assets.
NEQ does not perform Penetration Testing itself. Instead, NEQ works with Penetration Testing security service providers, who conduct the testing per the scoping that is agreed upon with the client; the testing may be coordinated through NEQ’s ISPAS. The resulting Pen Test details will be included in a cohesive FoRMA report format with the other NEQ services and will be aligned with the respective business risks and supporting security controls.
For further details, view our list of recommended partners