Net Compliance Solutions
Security Management Services
Net Compliance Solutions offers security services designed to help our clients implement high-value strategic security initiatives based on a thorough understanding of the client's current security environment as it compares to "best practice" security guidelines and regulatory compliance standards.
In addition, NCS offers high-value security services that address specific issues concerning internal and external networks, web applications, regulatory compliance, and incident response.
NCS Services include:
- Strategic Security Assessment (SSA)
- Gap Analysis
- Network Vulnerability Management
- Penetration Testing
- Code Review
- Malware Protection
- Phishing Protection
- Wireless Vulnerability Analysis
- PCI Standards Services
- Log Monitoring & Management
- Incident Response
Strategic Security Assessment
The Strategic Security Assessment service is designed to help clients move from a technology-driven to a strategic management-driven security plan.
We help our clients determine where they are, where they need to be, and implement a strategy and detailed plan to get them there.
We measure against general security standards such as ISO 17799 and CoBit and regulatory standards such as Sarbanes-Oxley, GLBA, HIPAA, FISMA, and the PCI Standards.
Gap Analysis
A subset of Strategic Security Assessment, our Gap Analysis service provides specific information regarding the current state of a client's security function compared to the individual requirements of a particular regulatory standard. Detailed reports with recommendations by line item are produced. SOX Gap Analysis, GLBA Gap Analysis, HIPAA Gap Analysis, PCI Gap Analysis, ISO 17799 and CoBit Gap Analysis are some of the services available.
Network Vulnerability Management
NCS offers a complete vulnerability management service that includes periodic internal and external network scans. The service provides scans on-demand with no hardware to install or maintain. The service provides detailed reporting summarizing the severity of discovered vulnerabilities. Fixes for each vulnerability are presented in sufficient detail to implement corrective action.
Penetration Testing
Penetration Testing services are available to fully test web applications, including a detailed examination of both the network layer and the application layer. This is especially useful in fully testing critical web applications to discover flaws in the network and application layers that could be exploited by a hacker.
PCI Standards Compliance Service
The PCI Standards Compliance Service is designed to help merchants and service providers conform to the requirements of the PCI Standards. Depending on the needs of the client, the service includes a detailed PCI Gap Analysis, Self-Assessment Questionnaire guidance, quarterly vulnerability scans, annual penetration testing and wireless vulnerability analysis.
Wireless Vulnerability Analysis
NCS provides services to discover, monitor, and prevent unauthorized access to wireless environments.
Incident Response
The NCS Incident Response service assists clients in formulating an incident response policy and procedures manual, with special emphasis on the public-facing portion of the incident response process: that part of policy which deals with law enforcement, media, customers, PR agencies, etc.
Scans
We conduct in-depth vulnerability scans of both INTERNAL and EXTERNAL networks which identify critical vulnerabilities.
Internal scans (inside the firewall) can be performed on a stand-alone basis, but usually they are combined with the external scans to give a complete picture of the combined networks. External scans are often done to examine the security of an organization's informational or commercial web sites. These can be analyzed on a stand-alone basis. It is quite common to do this for smaller merchants that wish to comply with the MasterCard and Visa security requirements as specified in the PCI Standards.
External (web site) Scan includes:
- Full in-depth vulnerability scan of all public-facing IP addresses.
- The analysis includes full perimeter mapping and is run remotely.
- Executive Summary and Vulnerability Grading Report
- Remote Technical Support
- Optional On-site remediation
- Optional 2nd run for Certification
- Certification Statement
Combined (full internal and external) Vulnerability Scan includes:
- Complete mapping of the network
- In-depth Scan and Analysis
- Executive Summary and Vulnerability Grading Reports
- Remote and On-site remediation support
- Additional Certification/Compliance Scans
- Annual Certification Report
Remediation
We provide remediation assistance remotely and on-site to correct network vulnerabilities. In addition, NCS provides consulting, education, and other support programs.
Customers who wish to embrace full 3rd party audit and certification procedures will have a certain number of on-site support days made available to them according to the security package they acquire.
Customers who prefer to implement the vulnerability fixes on their own may contact our staff, who will be available for consultation via telephone or e-mail.