Whether your organization has a network of three devices or three thousand, there is one reality that must be dealt with — new information and network security risks are being introduced every day.
These risks, combined with ever more complex regulatory environments, require comprehensive security assurance programs targeted towards safeguarding your intellectual property as well as client and employee data.
Digital Defense (DDI) has created a multi-faceted program to ensure that organizations can address the security risks in today's environment. DDI's program is available at three service levels.
We developed these programs using industry standards and regulatory body-approved tools and methodologies such as OCTAVE® and NIST. Each program contains service frequencies customizable to meet client requirements.
| Secure Assurance Programs: | Base | Premium | Managed |
|---|---|---|---|
| On-site Risk Assessment | | | |
| Internal and External Vulnerability Scanning | | | |
| External Penetration Testing | | | |
| Annual On-site Security Consulting | | | |
| Frontline Solutions Platform | | | |
| Examiner Compliance Handbook | | | |
| Formal Out-brief Session | | | |
| Workflow Management Tool | | | |
| Annual Remote Social Engineering | | | |
| Security Policy Management System | | | |
| Security Awareness Training | | | |
| Personal Security Analyst/Analyst On Demand | | | |
| Custom Reporting | | | |
| Remediation Project Management | | | |
A DDI Security Analyst will lead an on-site risk assessment utilizing the DDI Enterprise Risk Assessment tool. DDI will identify and document organizational assets, asset storage, threats and risk mitigation plans. The tool will be populated with the results of the risk assessment and, after the project, will remain at the client's location for use in subsequent risk assessment efforts.
DDI Vulnerability Scanning Services (VSS) are a cornerstone element of any information security program. Full Network VSS are used to protect your information assets by evaluating the security posture of the IP devices connected to your computing networks across the globe on an individual IP or enterprise-wide basis. Each of the Secure Assure programs includes a Full Network VSS specific to the selected program.
External Penetration testing goes a step further than VSS by allowing you to see the potential consequences of a skilled attacker exploiting system weaknesses. A certified DDI security analyst performs a review of the exploitability of network security vulnerabilities detected on your network and will attempt to "Capture the Flag" until the network is compromised.
A certified DDI security analyst will work on-site with the client organization to evaluate, document and report on the current compliance status of the most commonly accepted security practices seen in peer organizations within the client's market vertical. In addition, we provide the client with access to a secure web portal that allows them to track and monitor issues found to be out of compliance and to use this as evidence of their remediation efforts.
DDI will provide the FSP, which will contain all testing and assessment results as well as track remediation efforts. The system is available 24/7 through a secure, web-based client portal.
DDI will provide you this handbook and annual updates to assist you in your information technology regulatory examinations. The handbook includes information pertinent to your organization's compliance status, current security posture of your network, security awareness of your staff, your remediation efforts and your commitment to your clients/members in raising their level of security consciousness.
On-site or Remote Out-brief Session: At the client's request, DDI will perform an out-brief to review results of the completed security assessments included in the Secure Assure Base program.
The Premium program combines the following features with the elements of the Secure Assure Base service.
DDI will complete an annual remote social engineering assessment using telephone calls and/or emails to attempt to solicit client confidential information. This provides an accurate representation of your employees' security awareness, since they will typically not realize they are the focus of an evaluation.
DDI will provide a security policy management system utilizing DDI's FSP. DDI will provide template policies for client-specific customization, and the system will provide version control, handbook and policy creation, and assignment by department and/or employee. Reporting of policy review and acceptance is included within the system.
DDI will provide the client the Network Security Awareness Training (NSAT) and the Training, Education and Awareness (TEAM) programs to advance and maintain education and awareness for employees and/or customers on security topics and challenges.
DDI will provide a report that compares and contrasts the client security environment to other organizations and industry best practices. The report will allow the client to ascertain where security improvements might be realized and/or to track progress with internal security efforts.
The Managed program combines the following features with all the elements of the Base and Premium services.
DDI will assign a certified security analyst to oversee all assessment and remediation activity on behalf of the client. The client will have telephone access to the DDI security analyst group in order to provide support on an "as needed" basis.
DDI will provide customized reporting to communicate ongoing efforts and security information in a visual and highly effective manner.
DDI will provide remediation project management in accordance with NIST SP800-40 to provide optimal client application of remediation resources and remediation efforts.