Cyber Security Check-up Services

With the phenomenal increase in the access and flow of sensitive information within the healthcare, finance, and education industries, security risk assessment and analysis must be at the core of every organization’s cyber security program. Marlabs will assist customers in identifying regulatory obligations, technical and non-technical security threats and vulnerabilities, and their likely impact on business.
 
In order to ensure that a security program is operating at peak performance at all times, it makes sense to have certified trained experts perform periodic check-ups. Every organization should have answers to the following questions: 
  1. How "healthy" is your cyber security program?
  2. When was the last time you checked?
  3. Do you have the resources and time to review your current security control processes?
Marlabs cyber security check-up services provide customers with focused and detailed advisory reports that include assessment, reviews, and recommended corrective action plans of their security controls. Marlabs will even perform corrective actions for customers and/or assist their IT/security staff in doing so.
 
Our cyber security check-up services include:
  • Firewall security check 
  • IDS/IPS assessment and tune-up 
  • Business partner and vendor security risk assessment planning 
  • Secure disposal planning 
  • Employee security awareness program development 
  • Security awareness testing: spear phishing 
  • Social engineering scans 
  • Mobile device security assessment 
  • Cyber security and performance monitoring
We also provide security staff augmentation in a multitude of cyber security disciplines.
 
Assessment of firewall security policy. This involves reviewing/testing of the following:
  • Policies
    • Rule set and implementation approach
    • Maintenance and management
    • Physical security of firewall environment
    • Information security policy
  • Firewall administration access:
    • Access to the platform
    • Platform operating system builds
    • Failover strategies
    • Logging functionality
    • Security incidents
    • Backups
IDS/IPS Assessment and Tune-up
  • Fine tune security capabilities
    • Information gathering and logging
    • Detection and prevention
  • Management
    • Implementation review
    • Operation and maintenance
Business Partner and Vendor Risk Assessment Planning
Services include the review of vendor security in the following security area domains:
  • Organization
  • Employee security focus
  • Change, identity, and event management
  • Network, application, and system security
Secure Disposal Planning
Services include information sanitization and disposition decision making:
  • Information decisions in the system lifecycle
  • Identification of the need for media sanitization
  • Determination of security categorization
  • Reuse and control of media
  • Sanitization and disposal decisions
  • Verification methods
  • Review, develop, and/or revise documentation
Employee Security Awareness Program Development
  • Design awareness and training programs
    • Structure client awareness and training
    • Conduct needs assessment
    • Develop strategy and plan
    • Establish priorities
    • Address funding and training
  • Develop material
  • Implement programs
Security Awareness Testing - Spear Phishing
  • Leverage Nexpose social scan
  • Perform variations of spear phishing
  • Produce results report
  • Recommend corrective actions
Social Engineering Scans
  • Gather intelligence
  • Establish trust
  • Exploit trust
  • Use information
Exploit the Following Threat Vectors
  • Phone
  • Personal approaches
  • Online
  • Trash management
  • Reverse social engineering
Mobile Device Security Assessment
Services include:
  • Wireless scan
  • Mobile device strategy assessment
  • Mobile device security control domain
    • Asset inventory
    • Device provisioning
    • Software distribution
    • Security management
    • Device protection
    • Monitoring and help desk support
    • Managing diversity of mobile platforms
Cyber Security Staff Augmentation
Cyber security workforce framework specialty areas:
  • Securely provision: Conceptualize, design, and build secure IT systems
  • Operate and maintain: Provide support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security
  • Investigate: Investigate cyber events or crimes that occur within IT systems and networks
  • Collect and operate: Investigate cyber events or crimes that occur within IT systems and networks
  • Analyze: Analyze highly specialized and confidential information that may develop intelligence
  • Oversight and development: Provide critical support necessary for cyber security work.