Abacode Solutions for the Public Sector
-
Security Framework & Risk Assessment
Activities
- Perform a
comprehensive assessment of the Client's
- Security program in
accordance with framework controls
- Security risk
management effectiveness
- Compliance
requirements
Deliverables
- Risk
Register
- Security Framework & Risk Assessment Report including gaps and risks
-
Policy Review & Development
Activities
- Determine the
specific policies that apply to the business
- Create policy
documents in accordance with best practices and that integrate the specified
framework in the Scope section
- Review the
organization's existing policy documentation and incorporate them into new
policies
- Document company
positions through new policy documents
Deliverables
- Formal cybersecurity and/or compliance policies that reflect the organization's
business environment and are ready to be integrated for company-wide use
- Policy review summary meeting
-
Control & Process Mapping
Activities
- Develop tailored
control and process implementation guidance to meet security and compliance
requirements
- Working session to
identify tasks to assign in the compliance portal.
Deliverables
•
Implementation and compliance management tasks will be entered into Compliance Portal
-
Compliance Management Services
Activities
- Perform ongoing
compliance management tasks such as:
- Pre-loading all
compliance requirements in GRC Portal for ongoing compliance management
- Documenting closed
and completed implementation gaps
- Setting up and
monitoring alerts through GRC Portal to escalate out of date requirements to
maintain compliance
Deliverables
• Compliance
reporting
-
Abacode Compliance Portal
License: Abacode Compliance Portal - Standard Edition
- Includes Single
Sign-on (SSO) for added security
- Includes Task Pack
Deliverables
- Includes
Single Sign-on (SSO) for added security
- Includes Task Packs
-
Network Vulnerability Assessment
Activities
- Configure and
deploy electronic scanning tools (e.g., Nessus Professional, Tenable.io, Qualys, etc.)
- Perform resource
discovery and mapping (enumerate systems, services, applications, etc.)
- Perform manual
review of findings and provide recommendations for mitigation beyond what is
provided by the vulnerability scanner as applicable
- Report presentation
to discuss the findings and recommendations for security best practices
Deliverables
- Internal & External Network Vulnerability Assessment Report including:
- Executive Summary
- Analysis of Findings
- Recommendations for Mitigation
- Detailed listing of open ports and services
- Detailed listing of vulnerability to asset mapping
- Out-briefing Presentation
- Note: Out-briefings will often be combined if other penetration testing or
vulnerability assessment services are included as well.
-
Network Vulnerability Scan
Activities
- Conduct remote
scan of external network to identify vulnerabilities
Deliverables
- Executive Summary
- Detailed listing of vulnerability to asset mapping including recommendations
for remediation
- Detailed listing of open ports and services
-
Network Penetration Test
Activities
- Perform remote
penetration test of internal and external networks to identify and exploit
vulnerabilities
- Install VM in
Client's environment to conduct testing
- Typical
methodology:
- Pre-Engagement
Phase (Kick-off meeting, Information Gathering, Establishment of Rules of
Engagement, Reconnaissance, Foot-printing, Finalization of Engagement Plan)
- Engagement Phase
(Environment Scanning, Penetration Test Activities, Vulnerability Exploitation)
- Post-Engagement
Phase (Data Evaluation, Report Assembly, Report Drafting, Report Finalization,
Out-brief meeting)
Deliverables
- Network Penetration Test Report including:
- Executive Summary
- Analysis of Findings
- Recommendations for Remediation
- Out-briefing Presentation
- Note: Out-briefings
will often be combined if other penetration testing or vulnerability assessment
services are included as well
-
Managed Professional Services - Managed Training
Activities
- Implementation and
configuration of the Cybersecurity Awareness Training and Phishing Platform
- Monthly interactive
video training sessions with reporting
- Monthly Tailored
Phishing Campaigns (Up to 3 per month) with reporting
Deliverables
- Monthly
Analytics Report (demonstrating deliveries, opens, click-through, etc.)
- Monthly Interactive Video Training Report
-
Cybersecurity Awareness Training - KnowBe4 - Diamond - Three Year - Per Employee (3-Yearly)
License: KnowBe4 Security Awareness Training Subscription - Diamond -
3-Year
-
Cyber Lorica™ 24/7 Solution
Activities
- Configure, tune,
and commence baseline of SIEM/XDR solution
- Collaborate with
Client to setup log forwarding from requested log sources (e.g., firewalls,
routers, switches, servers, endpoints, cloud environments, endpoint protection
solution, internet gateway solution, VPN, etc.) to the SIEM/XDR solution
- Sensor Implementation
- Install and
configure SIEM/XDR solution sensor(s)
- 24/7/365
cybersecurity monitoring of the Security Information and Event Management
(SIEM) / XDR solution from Abacode's Security Operations Centers (SOC)
- SOC 1: Tampa, FL |
SOC 2: Las Vegas, NV
- 24/7/365
eyes-on-glass operational
- All US Citizens
- Tiered escalations
and triaging of events
- Incident
escalations following escalation procedures
Deliverables
- Client Service Manual
- Includes the Cyber Lorica Incident Response / Escalation Plan
- Monitored Asset List
- Baseline Report
- Standard Weekly SOC Activity Report which includes a list of:
- Alarm Summaries (e.g., Intent, Strategy, Method)
- Alarm Priority Levels
- Attack Sources
- Attack Destinations/Targets
- Documented remediation steps to mitigate escalated alarms
- Email and phone escalations of incidents with recommendations for remediation
- Proactive threat-feeds to reduce the risk of compromise due to global zero-day
events