is your company vulnerable to cyber security attacks?

  • Are you concerned about cyber security?
  • Can you be held negligent or liable if you or someone you are connected to suffers a breach?
  • Are you compliant?
  • Have customers or potential customers asked you how secure you are?
  • If you found out tomorrow that you were breached, would you know what to do? Who to call? Can you protect your reputation?

cyber security

it's a growing business

The average cost of an SMB data breach is now $117,000 per incident, according to a large study of data breach costs at small to medium-sized businesses.
"60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack."

ABOUT US

CSI’s mission is to provide real and actionable solutions by industry professionals who are experts in their fields. We provide the tools, techniques and advice for designing a successful, integrated security system that anticipates future issues. We want our customers to understand that vulnerabilities of the past should not compromise the networks of the future.

our services

let us help ease your mind

NETWORK PENETRATION TESTING

We provide vulnerability and penetration testing for your wired and wireless networks in accordance with PCI DSS, GLBA, NCUA and HIPAA compliance assessments.

WEB & MOBILE APP PENETRATION TESTING

With a focus on the OWASP security testing standards, web and mobile application penetration testing uses non-disruptive techniques to identify weaknesses in your app code and database layers which could be exploited during an attack.

LEGAL & REGULATORY COMPLIANCE

We view compliance as an opportunity to help make your business more prepared: to lower the risk of a cyber-incident or breach, to reduce and/or eliminate the liability associated with loss or theft of information, and to protect your reputation through risk identification and assessment.

LIABILITY & SECURITY RISK ASSESSMENT

We will assess your organization’s information security posture in key areas such as policies and procedures, training, personnel security, access control, patch management, network security, data protection, etc. These findings are then analyzed to identify and highlight areas in need of improvement.

VULNERABILITY REMEDIATION

We prioritize activities based on risk severity, associated cost of the solution, and ease of implementation. As remediation efforts are budgeted and planned for, we assist in the execution of your remediation roadmap with consulting and staff augmentation.

CYBER-SECURITY AWARENESS TRAINING

We assist in creating security awareness programs that increase your employees' vigilance towards identifying social engineering threats, with a focus on understanding considerations unique to your organization’s industry sector and culture.

BREACH PREP & INCIDENT RESPONSE

When your network or website is compromised, prompt action is necessary to effectively contain and recover from the incident. Our consultants are experienced in countering the unpredictable and urgent nature of these events. We have the tools that your organization needs to successfully mitigate breach damages.

DIGITAL FORENSICS & E-DISCOVERY SERVICES

Electronic data is created by each of us every day, and it captures our best and worst moments. A phone can tell us where people have been. It can tell us where they have not been. It can tell us who they have been talking to, emailing, or texting. Perhaps your business is facing an employment dispute, a personal injury case, or another legal situation. Our digital forensics services can provide your organization with a source of significant evidence.

See how this University case study identified the risk and effect of a cyber crime.

The effect of a cybercrime

Identifiable intangible assets

  • Loss of intellectual property
  • Loss of personal and/or sensitive data
  • Damage to a company brand and/or reputation

Measurable

  • Cost of countermeasures and insurance
  • Cost of mitigation strategies
  • Cost of recovery from cyber attacks

Information Security & Physical Property

Information Security

Registration

  • Personal data for students, alumni, parents
  • Financial assistance
    • Credit / Banking
    • SSN
    • Tax / income statements
    • Medical records
  • Sponsorship data / Student grades

Point-of-Sale data
Intellectual property / cutting-edge research

Physical Property

  • R&D
  • University Property

Exploit the Camera for malicious activities

  • Remotely gain root access to the camera, potentially gaining access to the rest of the network
  • Spoofing the DNS server addresses specified in the camera's settings
  • Stealing credentials from camera users
  • Hijack devices using just the IP address and without previous access to the camera or its login credentials
  • Launch a distributed denial-of-service (DDoS)
    • Does the Mirai botnet sound familiar?

Exploit the Camera for control

  • Access to live / recorded video and audio feeds
  • Execute remote commands against the camera
  • Gain access to the video stream
  • Ability to freeze streaming
  • Control the camera lens motion
  • Alter the software of the camera
  • Simply rendering the camera entirely useless, leaving the premises at risk
  • Add the camera(s) to a botnet

Findings

Threat to Assets:

  • DDoS
  • Video tampering
  • Network penetration

Vulnerabilities present in the environment:

  • Technological Obsolescence
  • Out-of-date software / firmware
  • Poor configuration

Evidence of vulnerabilities:

  • Older devices that cannot be patched
  • Default PW on devices
  • Sporadic encryption

Risk summary:

  • Potential exploit of known vulnerability
  • Hijacking of camera (streaming, recording, audio, visual clarity)
  • Network penetration into information systems

Certifications

• Security Professional (CISSP)
• Certified Ethical Hacker
• Certified Incident Handler
• Certified Hacking Forensic Investigator
• DHS: Information Security Certified

Strategic Partners

Can you claim you have implemented “Reasonable Security?”

Can your company be breached by hackers? Could you have prevented that breach? If you suffer a breach, what are the ramifications: a potential class-action lawsuit, or an investigation and fines by a regulatory agency? Assuming you can’t prevent the breach, can you avoid lawsuits by disgruntled customers or investigations by a State Attorney General (AG), the FTC, SEC, HHS, PCI (Purchase Card Industry), etc.? Prevent, probably not; but successfully defend, most likely! The common factor in most data breach class-action lawsuits, as well as investigations by regulatory agencies, is the allegation that the breached company failed to implement “reasonable security or protections” to prevent the breach. Logically then, if you implement “reasonable security and protections” you should be able to confidently defend your security practices and actions.

David Willson

CISSP (Certified Information System Security Professional)

How Can We Help?