© 2017 CYBREYE, All rights reserved.


CYBER SECURITY

AUDITING

Cybreye evaluates using vendor and industry standards. The security assessment checks are used to identify deltas in the scope, asset configurations and services.

 

The security audit phase answers the question:

 

Will weaknesses discovered during the security assessment negatively impact an IP asset's ability to comply with vendor or industry standards?

 

Weaknesses detected during the security assessment are filtered and suppressed, provided they have no direct bearing on the vendor or industry standard against which compliance is measured.

 

It is important to note that organization-specific standards can be created per customer. The security audit then becomes specific to the organization's IT values, e.g. OS build standard or IT Security Policy.

AUDITS
Application and OS

Cybreye audits desktop and server applications against standards including DISA STIG, CIS, and vendor recommendations.

We have policies for applications such as Adobe Reader, browsers, business productivity tools, and anti-virus. We also have IT-hardening audit policies for server applications, such as Apache and IIS, as well as for architectures and frameworks such as VMware ESX/ESXi and Tomcat.

Operating system audits include access control, system hardening, error reporting, security settings, and more. We test configurations against many industry and government policies.

 

Network Infrastructure

Perform configuration audits of Unix and Windows servers to test for specific policy settings.

Standards

Perform configuration audits of Unix and Windows servers to test for specific policy settings. Supported configuration audit policies include:

 

  • Anti-virus vendor audits

  • CERT recommendations

  • CIS best practice guides

  • PCI DSS

  • NSA best practice guides

  • NIST SCAP and FDCC content

  • HIPAA profiles

  • GLBA guidelines

  • DISA STIGs

 

 

Database

Audit the configuration of databases as well as the underlying operating systems for a complete database audit. Our audit policies cover many best practice standards, including DISA STIG and CIS.

Content

Identify and monitor sensitive data at rest and in motion. CYBREYE creates dynamic lists of all FTP servers, web servers, and email servers. We identify classes of servers such as "web servers that host PDF files" or "FTP servers containing movies."

We can search hard drives of Windows, UNIX or Linux systems for files containing specific content, including: 

  • Credit cards, ID Numbers, and driver's license numbers

  • Spreadsheets with financial, employee, and health data

  • Banking account detection

  • Adult media

  • Confidential corporate information

  • Files and browser records

  • Software source code

  • Words within documents such as "SECRET," "PROPRIETARY," or "CONFIDENTIAL"