Traditional penetration tests and assessments focus on particular areas of discipline, such as technical controls, physical security, policy compliance or social engineering. Because attackers do not limit their attacks to a single discipline, neither does cprlorca’s Advanced Persistent Threat (APT) Assessment. The service is a comprehensive assessment that tests the ability to exploit multiple attack vectors in a realistic, multi-discipline engagement. In a controlled exercise, a cprlorca Information Security Analyst mimics the actions of an actual attacker and identifies any resulting weaknesses that could result in the unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).
IT security and compliance regulations and guidelines, such as GLBA, FFIEC, HIPAA, NCUA, FDIC, etc., require organizations to conduct independent tests of their information security and compliance programs. In addition to regular security assessments, best practices recommend that organizations perform penetration tests to ensure the security of their information systems and critical data.
The APT assessement is realistic and fulfills several testing objectives simultaneously – all while reducing cost and delivery time compared to identical, individual services.
Attackers employ a variety of techniques to create a synergistic attack, and it only takes one successful exploit to enable further attacks. cprlorca’s APT assessment examines and tests your organization’s controls at multiple layers: technical controls, personnel and procedural controls, and physical controls. Tests are designed to identify any weaknesses that could be used by external attackers to disrupt the confidentiality, availability, or integrity of the organization’s data and information systems. Once identified, you are able to address each weakness.
cprlorca's Security Testing Methodology:
Results are provided in an extensive report containing: