Security Assessment & Authorization | Penetration Testing | Vulnerability Assessments
The National Institute of Standards and Technology (NIST) Risk Management Framework (Special Publication 800-37) has created a new model for risk analysis for federal agencies by moving from the traditional Certification & Accreditation (C&A) approach to a Security Assessment & Authorization (SA&A) model – a more real-time, dynamic view of risk. Federal agencies must adapt their current cyber security programs to align with the SA&A model, and focus on identifying security risks throughout the Systems Development Lifecycle (SDLC). We support all aspects of the SA&A model and bring our unique methodologies to each engagement, helping agencies assess their systems’ security posture and make appropriate authorization decisions. We have proven references and we differentiate ourselves from our competitors by bringing real-world attack and exploitation experience. Capricorn supports commercial AND federal agencies’ implementation of the SA&A model by providing these key services:
A penetration test determines how well your organization's security controls protect your assets from a direct Internet attack. Only a real penetration test by an experienced professional can simulate what would happen if a determined hacker were to attack your organization. Our in-depth expertise in attacks and exploits used against mission-critical assets, gained through monitoring and protecting the networks of thousands of customers, gives you a multi-phase process to find and exploit vulnerabilities in your network.
Many of Capricorn’s Security Division technical staff members and consultants have 20 to 40 years' experience in evaluating the security of critical systems and in attacking a broad spectrum of targets. We believe that the best way to protect a system is to first understand the system well enough to attack it successfully.
An initial part of understanding the vulnerabilities in a system involves a detailed evaluation of the security state of the existing system. Given the inherent complexity of modern systems, use of an automated tool or service makes this examination much more efficient. Capricorn can provide an external assessment of the systems reachable from the Internet, or can place an appliance on the target company's intranet and provide regular assessments of the customer’s assets on the network.
The results of these recurring assessments are immediately available to the customer on a secure web portal. Once the current state of the target system(s) is known, the systems should be brought up to date by updating or patching their software. The evaluation reports provided by Capricorn include web links to any needed patches or upgrades. The reports also include references to comments and other reports on the efficacy and utility of the patches. Although decisions on patching and upgrading are always made by the customer on a case-by-case basis, Capricorn has automated tools available to minimize the staff time required to do the patching or upgrading.
Our team includes CISM, CISA, and CISSP Certified Enterprise Systems Consultants, each with over 25 years of enterprise information systems experience and a security focus in multiple sectors.
Please contact us at 678-514-1080 x 2507 or email us at firstname.lastname@example.org to learn more about this offering.