Assess

Go on the attack. Invite LBMC Security Services to lurk around your systems like hackers and intruders do in the real world. Through our diverse testing methods, we assess your organization’s information security and security policies to see if they really do protect your assets on an ongoing basis and comply with pertinent regulations.

Evaluations can involve specific areas of the business, a certain regulation or enterprise-wide risks. Among our full suite of assessment services:

  • Risk assessment: Identify business and technology risks based on leading security risk assessment methodology, which can be based on formalized standards such as NIST, ISO, COBIT and HITRUST (we are HITRUST Common Security Framework qualified assessors).
  • Penetration testing and vulnerability assessments: Identify and prioritize weaknesses through testing by our seasoned experts in physical, logical and social testing techniques. We think outside the box and know what intruders are looking for.

    LBMC Security Services goes far beyond basic automated scanning software security assessments. We conduct those initial vulnerability scans, review those results and conduct other automated and manual assessments to validate your information security system--and point out possible overlooked areas that could pose threats to your company.

    We perform social engineering assessments. We become your "hackers"--sending fake emails with spoofed sites to see if they're opened; posing as callers who try to secure sensitive information; guessing passwords to gain entry; dropping a USB drive in the office to see if someone puts it in your computer to see what it is and much more.
  • Web-application testing and code reviews: Web-based applications open your company to a host of external challenges. We review security-specific technology, including areas such as wireless, network, email, applications, firewalls and operating systems using a three-tiered assessment:
    1. Assess vulnerability of infrastructure hosting the web applications
    2. Conduct manual and automated testing against the website and web applications
    3. Manually review samples of web applications' open-source code to validate discovered vulnerabilities and confirm generally accepted secure coding practices when benchmarked against Open Web Application Security Project's standards.
  • Incident assessments and forensics: Evaluate and respond to trouble when it happens, and review how it happened to prevent similar attacks.
  • Regulatory and standards compliance: Review applicable policies and systems to ensure proper adherence to client’s corresponding regulatory requirements such as PCI, HIPAA, GLBA and SOX. LBMC Security Services is a qualified assessor for HITRUST Common Security Framework, the emerging security standards developed for the heath care industry.
  • Enterprise security review: Assess security across the organization by involving many aspects of vulnerability assessments on a wider scale.