This assessment tests your facility by attempting to exploit weaknesses in physical security controls. Experienced Cisco Security consultants use a library of custom and industry-standard methodologies to gain intelligence about the physical target and relevant personnel. They perform a site survey of the location’s access-control mechanisms, and review physical security procedures. Next, they identify security defenses for circumvention and pinpoint system trust and personnel, and develop a plan to achieve mission objectives. They also use a tailored physical attack kit during the exploitation and post-exploitation phases. Some of the techniques used can include fake identities (such as badges and business cards), lock picking, tailgating, social engineering, and more. When complete, they analyze the findings and provide a Physical Security Assessment Report.

Benefits

• Know the effectiveness of your physical security measures
• Understand where your training efforts need improvement
• Receive remediation recommendations for discovered gaps from Cisco Security experts

Wireless Security Assessment evaluates the deployment of your wireless environment for vulnerabilities at one building. Security weaknesses discovered can be demonstrated by exploiting them after you provide approval. As part of this service, Cisco Security consultants perform an analysis to enumerate wireless access points for vulnerabilities, and assess the risk of wireless devices by attempting to identify wireless clients that bridge wireless networks to the corporate network, wireless clients that commonly join insecure wireless networks, and weak authentication configurations (such as disabled certificate validation). They also evaluate the overall wireless deployment, including administration, network connectivity and segmentation, access point configuration, authentication, and encryption. With the results in hand, they identify, validate, and rank vulnerabilities based on associated risk. The final report you receive includes prioritized findings and details on the issues discovered.

Benefits

• Experience a clear demonstration of real-world attack
• Identify rogue access points and devices
• Understand your security posture from an attacker’s perspective
• Get a validated list of wireless configuration vulnerabilities, including poor segmentation

From a remote location, the Social Engineering Assessment identifies your staff who require additional security awareness training. Alternately, the service team can obtain generalized security awareness training success metrics that do not identify individuals (i.e., anonymized results). The testing may use text- or voice-based communication mechanisms, such as email, instant messaging, phone, and fax, to convince individuals to compromise security in a controlled environment. Using best practices and industry standards, the service team identifies exposed users, and develops up to four phishing campaigns designed to convince targeted users to perform various types of actions that put systems and data at risk. They also develop voice-based testing and attempt to solicit sensitive information by trying to convince your personnel to perform actions on behalf of the caller.

Benefits

• Understand your organization’s security weaknesses
• Measure the effectiveness of your security awareness program
• Understand real-world risks that go beyond software vulnerabilities

Information Security Risk Assessment and Program Development identifies, assesses, and recommends mitigation for strategic and operational security risks that may affect your business. It includes review of business and IT strategies to determine relevant information security risks that threaten the achievement of your defined strategies. Using Cisco Security intellectual capital, the assessment works to identify critical risks through a mix of strategic expert analysis, documentation review, interviews, controlled observations, and facilitated risk assessments. Based on your business priorities and an understanding of your risk tolerance, the service team develops a custom information security risk profile and remediation roadmap that shows risk treatment options and maps recommended initiatives over time.

Benefits

• Minimize information security risk and extend IT value
• Get higher visibility into your operations and infrastructure
• Enhance security flexibility
• Improve business and IT strategy alignment
• Increase agility to quickly support new and changing business conditions

Cisco’s Enterprise Security Advisor (ESA) provides an experienced advisor who provides expert assistance to drive execution during the design, development, and deployment of a new security architecture. During this time of significant change, the role of the ESA becomes vital to ensuring the alignment of your security program and initiatives with business goals. They also advise on defining the security architecture for the infrastructure environment, and ensure that the security policy is properly designed, implemented, and enforced. Your advisor provides ongoing execution, strategy, and leadership support for the implementation of security roadmaps and architecture, using a flexible support and delivery model where deliverables and activities are defined according to business need. The service may also be used for security advisory staff augmentation and interim Chief Information Security Officer (CISO) scenarios.

Benefits

• World-class security expertise, available when you need it
• More than 30 years of industry experience and Cisco intellectual capital to draw upon
• Augmentation of your staff without the expense of hiring someone full-time