IT Security, Risk and Compliance Services
mindSHIFT® IT Security, Risk and Compliance Services provide customers comprehensive insight into their network, infrastructure, devices and processes as well as remediation to mitigate risk from security breaches, cyberattacks, rogue employees and to assist them in achieving compliance with federal, state and industry regulations.
Organizations subject to PCI or HIPAA mandates, or needing to meet compliance requirements that adhere to the HITRUST framework should consider mindSHIFT’s IT Security, Risk and Compliance Services.
mindSHIFT provides External Vulnerability Assessment, Penetration (Pen) Testing and Cybersecurity Risk Assessment services under agreements customized for each customer’s needs.
Vulnerability Assessment Services
mindSHIFT will provide External Vulnerability Assessment services on a quarterly basis, or as a one-time service depending on the customer’s requirements.
External Vulnerability Assessment services are comprised of two (2) components:
- Vulnerability scanning and reporting
- Analysis and remediation planning
As part of this service, mindSHIFT scans externally facing assets for vulnerabilities, reports its findings and develops a remediation plan with the customer.
Scanning typically looks for vulnerabilities such as missing patches, outdated software versions, open ports and OS services.
External Penetration Testing
External Network Penetration Testing looks for system or service vulnerabilities that expose systems, applications, or data to unauthorized access. This testing is designed to attack the customer’s network from the outside, simulating an attack by an Internet-based attacker attempting to compromise systems. This service includes network penetration testing of networks and operating systems, as well as commercial-off-the-shelf web applications.
Internal Penetration Testing
Internal Network Penetration Testing looks for vulnerabilities that expose the network, operating systems, applications and other accessible systems from an “insider threat.” This testing simulates an attack by a “rogue employee” or a competitor/cybercriminal.
Cybersecurity Risk Assessments
mindSHIFT offers Cybersecurity Risk Assessments of customer environments that consist of an independent review of a customer’s environment, based on the NIST Security framework, so that the customer understands their exposure to cyber risk. Once cyber risks have been identified, customers are in a position to put controls in place to measure progress in mitigating that risk to acceptable levels and to further reduce cyber risk based on the customer’s priorities.