Archives: Services

GLBA Assessment

Ignyte Services provide solutions for organizations to ensure they have effective enterprise security policies, standards, and procedures that are compliant with the Gramm-Leach Bliley Act of 1999 (GLBA). Our GLBA Compliance Assessment is an independent assessment of your business’s current administrative procedures and the physical and technical safeguards within your business infrastructure. Ignyte helps you rapidly and efficiently achieve your security management objectives for GLBA compliance.

FRAMEWORK BASED ASSESSMENTS

Today’s leading business institutions have become readily aware of the value of effectively managing enterprise policies to adhere to the increasing demands of government regulations about security and privacy.

Having a well-planned and defined GLBA compliance framework provides an organization with a comprehensive strategy to shape its tactical security solutions in relation to business objectives consistent with government regulations. It is fundamental to have an integrated internal control framework through which executive management can visualize, in real time, their overall compliance with GLBA. To do this, you need to know exactly where your enterprise is today in relation to where it needs to be (gap analysis) in accordance with GLBA standards and other federal and state regulations.

OUR APPROACH

Ignyte has mapped the GLBA requirements into a comprehensive assessment that exceeds the requirements called for by the GLBA and most auditors. We will chart a plan toward a comprehensive compliant security program for your organization. Our assessment maps to the domains of the International Standards Organization (ISO27001).

FOCUSED ON RESULTS

Our reports highlight areas which need to be addressed and the recommended GLBA Compliance Framework necessary for the overall business objectives. This Ignyte assessment will provide your organization with:

  1. A Gap Analysis using ISO27001 security standards, and the latest GLBA government requirements.
  2. A Gap Analysis that identifies areas of remediation for Administrative Procedures, Physical Safeguards, and Technical Safeguards.
  3. Road Map for GLBA Remediation Strategy.

Solving Enterprise Risks Through People, Process, and Technology

Businesses often discover that buying and installing new security software is only a small part of an enterprise security solution. An effective security solution is one in which an organization manages risk, provides effective processes and implements technology for security enablement. Ignyte tailors the approach to meet your specific business requirements to protect your enterprise resources and ensure business continuity.

Assurance Assessment

Ignyte has been recognized as the industry leader for delivering expert security services for organizations of all sizes across the country. Ignyte Assurance Assessment Services provides the opportunity to supplement the Ignyte platform.

FRAMEWORK BASED ASSESSMENTS

Ignyte can perform maturity based assessments to evaluate an organization’s cyber maturity and assist with developing a roadmap to improve on any weaknesses. Ignyte can also perform several readiness assessments such as PCI-DSS or FedRAMP. Ignyte can provide a certification and report on compliance after the assessment has been completed. Our most popular readiness assessments include:

  • NIST CSF
  • NIST RMF
  • FedRAMP
  • FFIEC
  • GDPR
  • PCI-DSS
  • ISO27000 Series

COMMON CONTROLS DEVELOPMENT

Ignyte can develop common controls, which includes controls mapping services. If an organization has to be compliant with several regulations, Ignyte has the ability to map controls across multiple frameworks and tailor them to the organization's control language.

POLICY DEVELOPMENT

It is imperative that every organization have a robust set of policies in place from a legal, security and privacy perspective. Ignyte can provide Security and Privacy Policy Development Customization which includes policy and process documentation review.

GDPR ASSESSMENTS

With increased concerns about privacy and the ability to identify critical data, where it resides, and how long it is retained, GDPR is vital for organizations that currently operate within the EU. Ignyte's GDPR Data Protection Impact Assessment provides organizations with the ability to identify and reduce the data protection risks within projects and systems, as well as reduce the likelihood of privacy harms to data subjects.

PCI-DSS READINESS ASSESSMENT

PCI-DSS is a set of security standards for merchants who accept, process, store or transmit credit card information. Ignyte’s audit readiness assessments for PCI-DSS automate the management of the audit readiness assessment.

FEDRAMP READINESS ASSESSMENT

Ignyte’s expert security resources bring more than 10 years of experience in defense and working with these types of assessments. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Any organization moving systems or applications to a cloud service provider (CSP) like AWS needs to put those applications and systems through a very complex assessment like FedRAMP. Ignyte will assist with FedRAMP PMO Management, 3PAO conflict management, System Security Plan (SSP) and artifact development.

Cybersecurity

Ignyte has been recognized as the industry leader for delivering expert security services for organizations of all sizes across the country. Ignyte Assurance Assessment Services provides the opportunity to supplement the Ignyte platform.

MANUAL AND AUTOMATED CODE REVIEW

Ignyte has expert static and dynamic code analysis resources to assist organizations with manual and automated code review. We help ensure there is no malicious code within an application before it goes into production. Ignyte has the ability to help change developer behavior from a Secure SDLC perspective and will also assist with Abuse Case Development and Learning Defensive Programming.

WEB APPLICATION TESTING

Ignyte will perform dynamic testing, a term used in software engineering to describe the testing of the dynamic behavior of code. This refers to the examination of the physical response from the system to variables that are not constant and change with time, whereas static testing examines code without executing it. Using the OWASP Top 10, our developers have a wide range of experience in performing this type of assessment. Ignyte can also perform DevOps security testing if needed.

PENETRATION TESTING

The reputation and history of Ignyte is built on technical services from penetration testing to writing custom FIPS-approved encryption algorithms in C and Assembly for some of the largest hardware distributors in the world. Ignyte maintains this pool of talent to test and audit our own platform. We offer our customers the opportunity to leverage this talent by providing limited attack and strategy engagements to inform of penetration testing or vulnerability management.

VULNERABILITY MANAGEMENT

Ignyte will develop a Vulnerability & Patch Management Strategy and the validation of those patches. This is very critical for an organization to implement to ensure there are no gaps within the environment that can be easily remediated through patch and vulnerability management. Ignyte has experienced personnel that can review the results and create a mitigation strategy for specific gaps found.

THREAT MODELING

Ignyte has solid experience in the military/government field and has adopted Military Attack Planning and Simulation Strategy for threat modeling. Ignyte will plan and implement defensive strategies when dealing with advanced cyber threats. Ignyte will identify objectives and vulnerabilities and then define countermeasures to prevent or mitigate the effects of threats to the organization.

PHYSICAL SECURITY TESTING

Ignyte will provide a physical threat assessment based on formal methodology and training provided by US Military Forces. This includes air and land perimeter inspection and physical intrusion testing or social engineering.

HIPAA Compliance Assessment

Ignyte’s HIPAA Compliance framework provides organizations with a comprehensive strategy that customizes tactical security solutions in relation to business objectives. A compliance framework provides the structure for adhering to governmental regulations (i.e., Sarbanes-Oxley Act, Gramm-Leach Bliley Act, Health Insurance Portability and Accountability Act), and for having a program consistent with industry standards (i.e. National Institute of Standards and Technology, ISO27001).

Our Approach

Ignyte will assess the current compliance framework within the below areas as they apply to HIPAA:

  • Security Certification
  • Chain of Trust Partner Agreements
  • Contingency Planning
  • Formal Mechanisms for Processing Records
  • Information Access Control
  • Personnel Security
  • Security Configuration Management
  • Security Incident Response
  • Security Management
  • Termination Procedures
  • Security Awareness Training
  • Security Responsibilities
  • Media Controls
  • Security Policy, Standards, and Procedures
  • Access Control
  • Audit Controls
  • Data Authentication
  • Entity Authentication
  • Communication and Network Controls

Focused on Results

Our reports highlight areas which need to be addressed and the recommended GLBA Compliance Framework necessary for the overall business objectives. This Ignyte assessment will provide your organization with:

  • A Gap Analysis using ISO27001 security standards, and the latest GLBA government requirements.
  • A Gap Analysis that identifies areas of remediation for Administrative Procedures, Physical Safeguards, and Technical Safeguards.
  • Road Map for GLBA Remediation Strategy.

Solving Enterprise Risks Through People, Process, and Technology

Businesses often discover that buying and installing new security software is only a small part of an enterprise security solution. An effective security solution is one in which an organization manages risk, provides effective processes and implements technology for security enablement. Ignyte tailors the approach to meet your specific business requirements to protect your enterprise resources and ensure business continuity.

Security Policy Assessment

Ignyte Services provide solutions for organizations to help effectively manage security policies, standards, and procedures. Our Security Policy Framework Assessment is an independent assessment of the current information security policies, standards, and procedures.

Security Policy Framework

Ignyte’s Security Policy framework provides organizations with a comprehensive strategy that customizes tactical security solutions in relation to business objectives. A security policy framework provides the structure for adhering to governmental regulations (i.e., Sarbanes-Oxley Act, Gramm-Leach Bliley Act, Health Insurance Portability and Accountability Act), and for having a program consistent with industry standards (i.e. NIST, ISO27001). The Ignyte Security Policy Framework Assessment uses a hierarchical structure approach that starts at the top, policy, and works down through standards, guidelines, and procedures.

Ignyte – Approach

Ignyte will assess the current security policies, standards, and procedures in relation to the organization's business and regulatory requirements against the 11 domains (127 technical areas) in ISO27001:

  • Security Policy
  • Organizational security
  • Asset classification and control
  • Personnel security
  • Physical and environmental security
  • Communications and Operations Management
  • Access Control
  • Systems Development and Maintenance
  • Business Continuity Management
  • Information security incident management
  • Compliance

Focused on Results

Our deliverable is a report that will be presented, during our executive briefing, highlighting areas which need to be addressed and the recommended Security Policy Framework necessary for the overall business objectives. This Ignyte assessment will provide your organization with:

  • A Gap Analysis using ISO27001 security standards, and the latest GLBA government requirements.
  • A Gap Analysis using ISO27001 security standards, and the government regulations.
  • Road Map Implementation Strategy that addresses policies, standards, and procedures.

Solving Enterprise Risks Through People, Process, and Technology

Businesses often discover that buying and installing new security software is only a small part of an enterprise security solution. An effective security solution is one in which an organization manages risk, provides effective processes and implements technology for security enablement. Ignyte tailors the approach to meet your specific business requirements to protect your enterprise resources and ensure business continuity.

Penetration Assessment

Ignyte Services provide solutions to help organizations effectively manage their security frameworks in environments where threats evolve at escalating speeds.
Our Penetration Assessment offering is a focused and targeted “hacking” attack simulation to identify, evaluate, and demonstrate particular vulnerabilities in your network.

Penetration Assessment

Ignyte Services’s Penetration Assessments adhere to the OSSTMM penetration testing methodology and code of ethics for all of its penetration testing activities. Our security analysts are certified security practitioners holding at least one certification of Certified Information Systems Security Professional (CISSP).
Penetration tests can range in a number of varieties from testing one application based on known vulnerabilities to far-reaching tests where no vulnerability information is provided and every system and network is in scope. Additionally, a penetration test can go as far as to gain control of the system by any means (aggressive) or to simply illustrate that it “could” be done by “taking these next steps”, without taking the steps.

Our assessments answer these questions:

  1. Is the present internal control framework sufficient to mitigate risks associated with both internal and external threats?
  2. Can the host systems, applications, or infrastructure elements be compromised – thus adversely affecting the ability to continue business operations?
  3. Are the fundamental administrative procedures, physical safeguards, and technical safeguards in place to protect the corporate image and customer’s private data?

Project Initiation – Confirm Objectives & Targets

Phase I: Map out Vulnerabilities

Phase II: Demonstrate that the vulnerabilities exist

Phase III: Actual exploitation of a vulnerability in a network, system, or application. Obtain privileged access, exploit buffer overflows, SQL injection attacks, etc. This level of test would carry out the exploitation of a weakness.

Phase IV: Restoration

Phase V: Project Reporting

Focus On Results

Our reports provide a thorough analysis and summary of vulnerabilities identified and recommendations for developing the appropriate remediation strategy.

Solving Enterprise Risks Through People, Process, and Technology

Businesses often discover that buying and installing new security software is only a small part of an enterprise security solution. An effective security solution is one in which an organization manages risk, provides effective processes and implements technology for security enablement. Ignyte tailors the approach to meet your specific business requirements to protect your enterprise resources and ensure business continuity.

Vulnerability Assessment

A Vulnerability Assessment identifies information security vulnerabilities associated with network devices, host systems, and applications on a customer’s external and internal infrastructure. A vulnerability assessment is normally a component of a larger security review, but may also be a standalone service.

Our assessments answer these questions

  1. Is the present internal control framework sufficient to mitigate risks associated with both internal and external threats?
  2. Can the host systems, applications, or infrastructure elements be compromised – thus adversely affecting the ability to continue business operations?
  3. Are the fundamental administrative procedures, physical safeguards, and technical safeguards in place to protect the corporate image and customer’s private data?

Approach

Ignyte’s Vulnerability Assessment is based on a phased approach to control the progression of the engagement. At the end of each phase, we provide a summary of activities, results, and an overview of the next steps to gain your “buy-in” before moving towards the following phases.

  • Project Initiation
  • Phase I: Discovery
  • Phase II: Assessment
  • Phase III: Validation
  • Phase IV: Restoration
  • Project Reporting

Focus on Results

Our detailed reports highlight areas which need to be addressed as necessary for the overall business objectives. This Ignyte assessment will provide your organization with:

  • An analysis and summary of identified vulnerabilities and recommendations to assist in developing the appropriate remediation strategy.
  • A “Quick Hits” report is provided with a prioritized list of high-risk low-cost opportunities to facilitate rapid correction.

Solving Enterprise Risks Through People, Process, and Technology

Businesses often discover that buying and installing new security software is only a small part of an enterprise security solution. An effective security solution is one in which an organization manages risk, provides effective processes and implements technology for security enablement. Ignyte tailors the approach to meet your specific business requirements to protect your enterprise resources and ensure business continuity.

Virtual CISO

Ignyte has been recognized as the industry leader for delivering expert security services for organizations of all sizes across the country. Ignyte Assurance Assessment Services provides the opportunity to supplement the Ignyte platform.

SECURITY PROGRAM DEVELOPMENT

Ignyte will take a holistic risk and cost balanced approach to developing a security program. Our assurance programs are designed to support the CISO and the CIO. Assurance program delivery can be a combination of services and the platform. By conducting a framework assessment, we will start with defining your cyber risk appetite and developing a Corporate Wide Security Governance Strategy. Our framework specialties include the following:

  • NIST CSF
  • NIST RMF
  • FedRAMP
  • FFIEC
  • GDPR
  • PCI-DSS
  • ISO27000 Series
  • And many more

SECURITY EXECUTIVE SERVICES

Ignyte will provide Executive Security Services that includes developing a Corporate Governance Strategy and how to manage multidimensional risks. We provide Board of Director Representation and Management for all high-level discussions in regards to cyber risk, governance and compliance strategy. Ignyte will assist with security leadership and coaching from the C-level executives to the user level.

TEMPORARY CISO

We know that security officers are not only looking to manage the risk, but also provide assurance to their business. Ignyte will provide experience and subject matter expertise to ensure the organization has improved their overall security posture.

EDUCATION AND TRAINING DEVELOPMENT

The number one vulnerability within an organization is their people. Ignyte will create a customized cyber security course development from user level to executive level leadership and provide technical education ranging from secure configurations to high powered security executive training.

COST AND BUDGET DEVELOPMENT

Ignyte will sustain the cost of security and privacy. Throughout this process Ignyte will develop business and cost justification for any business needs for cyber security. Ignyte will perform a quantitative analysis on a correct Return on Investment calculation for the organization. As the project matures, Ignyte will continuously develop the security budget.

REQUIREMENTS AND RFP DEVELOPMENT

Ignyte will formalize a robust security procurement strategy for when the organization is looking to obtain tools, services or people to improve their security posture. As the organization looks to procure more tools, Ignyte will provide evaluation criteria and RFP Development, Bid Management and Security Sourcing for these scenarios.

ISO Assessment

Ignyte Services provide solutions for organizations to help reach the level of qualification for certification with the International Standards Organization (ISO27001). Our ISO27001 Assessment offering is an independent review of your current enterprise information security infrastructure. We provide a comparison of the minimum essentials necessary to achieve certification with reference to your current state of enterprise security. Ignyte helps you rapidly and efficiently achieve your security management objectives for ISO27001 compliance.

RAISING THE BAR

Leading businesses have become aware of new standards of IT security, operations and policies within their respective industries. Certification requirements and standards set by ISO27001 raise the bar for best practices. These best practices for information security management serve as a benchmark against which organizations are being measured. Based on assuring confidentiality, integrity and availability of information assets, it covers all controls under 14 domains.

OUR APPROACH

Ignyte will assess the current security policies, standards, and procedures in relation to the organization's business and regulatory requirements against the domains in ISO27001:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

FOCUSED ON RESULTS

Our detailed reports highlight areas which need to be addressed and the required implementation of relevant controls for ISO27001 compliance or certification.

Solving Enterprise Risks Through People, Process, and Technology

Businesses often discover that buying and installing new security software is only a small part of an enterprise security solution. An effective security solution is one in which an organization manages risk, provides effective processes and implements technology for security enablement. Ignyte tailors the approach to meet your specific business requirements to protect your enterprise resources and ensure business continuity.

Launch Program

The majority of GRC application deployments fail to live up to their promises. This failure is often due to poor planning and a lack of understanding exactly how GRC programs influence business outcomes.  The Ignyte Launch Program was designed specifically to address these common failures to ensure a successful deployment that accelerates value recognition to the business.

ACCELERATE VALUE RECOGNITION

GRC programs often fail to provide a clear-cut return on investment for business management. A key component of the launch program is detailing how, when and where on the timeline the value is delivered to your institution. With Ignyte, you can be assured that the project is maintained within the required cost and timeline.

COMMUNICATE PROGRESS WITH CONFIDENCE

Socializing the plan and progress to leadership can be a daunting task, especially if the project has not delivered true value. We know your success is tied to how effectively and efficiently you manage critical governance processes. The Launch Program's true value lies in its ability to not only understand this but actually deliver with speed. Using our proven methodology, our expert team members evaluate and build solid business outcomes that drive solution success from the start.

KEY DELIVERABLE ITEMS

  • Customized Governance Launch Plan
  • Value Recognition Plan
  • Implementation & Training

Integration

Organizations today often have duplication of capabilities, tools, and technologies where significant investment has been made into an existing system. With Ignyte Integration Services, your organization can reap the benefit of taking a systems thinking approach to assembling and delivering internal assurance and GRC programs globally.

SYSTEMS INTEGRATOR APPROACH

Our teams’ deep background and expertise in delivering large-scale projects for the Department of Defense gives us a unique insight into how to integrate complex business systems. Whether it’s procure systems integrating onto our platform or our vulnerabilities management repository integrating into a SIEM, Ignyte’s Integration Team ensures that you have a sound systems integration approach to deliver the next era of cyber assurance management platform.

ECO-SYSTEM CREATION

A core component of integration with many systems is global optimization. This allows the system to function as a cohesive, single system with a broad range of capabilities. This is where Ignyte Assurance Platform outshines many of its competitors by self-assembling in the business ecosystem. Integration services are used to optimize this ecosystem so there is tight integration between several complementary components.

3RD PARTY SECURITY SYSTEMS APIs

Third Party Connectors allow us to exchange data with other security applications. The Ignyte Integration Team has several unlisted connectors that directly interface with the Ignyte Advance Orchestration SDK, which allows many existing security systems to communicate with one another.

Assurance Platform

Ignyte — historically known as MAFAZO — has been recognized as the industry leader for delivering superb security services for some of the biggest companies on earth. Ignyte Assurance Services is a service-level component that we offer to supplement and enhance our assurance platform.

ASSURANCE PROGRAM DELIVERY

Every informed security executive knows that preventing an attack is next to impossible. We believe that the most knowledgeable security officer is not only looking to manage the risk, but also provide assurance for their business. Our assurance programs are delivered by building and delivering strategy documents and artifacts to support the CISO and the CIO. Assurance program delivery can be a combination of services and the platform.

ASSESSMENTS AND AUDITS

To keep our skills relevant and sharp, you can be assured that all developers are actual users and practitioners. Ignyte offers standards-based assessments and audits from any cybersecurity framework. Our key framework specialties include the following:

  • NIST CSF
  • NIST RMF (Any implementation including FedRAMP)
  • HIPAA Security Rule
  • PCI-DSS
  • COBIT
  • ISO 27000 Series
  • FFIEC CAT
  • And Many More

TECHNICAL CYBER SECURITY SERVICES

The reputation and history of the company is built on technical services from penetration testing to writing custom FIPS-approved encryption algorithms in C and Assembly for some of the largest hardware distributors in the world. Ignyte maintains this pool of talent to test and audit our own platform. We offer our customers the opportunity to leverage this talent by providing limited attack and strategy engagements to inform of penetration testing or vulnerability management.