©2019 Cervais, Inc. All Rights Reserved.

SECURITY SOLUTIONS

Cervais’s Cyber security solutions can help an organization develop, improve or communicate security and privacy strategy. From risk assessments and compliance reviews to certifying new devices and developing security policies, we’ve got your back with a full suite of Cyber security services.
Cervais Cyber Risk and Vulnerability Assessments

Our Cyber Risk Program is designed to provide an objective review of your ability to prepare for, recognize and respond to today's IT security threats

Cervais Cyber Security Architecture and Design

The importance of protecting your business from cyber threats, these threats can come at you from any direction – both physical and virtual and you need to be prepared

Cervais Cyber Security Policy and Compliance

Ensuring your people work together to adhere to corporate policies and guidelines

Cervais Cyber Defense

Ensure resilience into your organization around all of your importance assets including mobile devices, cloud and the Internet of Things

Cervais Cyber Attack Penetration Testing

Protect your network, your data and other resources from cyber attacks

Cervais Cyber Transformation

Adoption of an intelligent, secure, agile infrastructure helps organizations anticipate, stay ahead of and react to market changes to remain competitive.

Need more information regarding our solutions: 1-800-876-6533
 

Features

We help our customers identify risks and determine if their current and planned security mechanisms will mitigate those risks. We perform threat and vulnerability assessments, a systematic examination of security in order to determine the adequacy of security measures. Identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures. The objective is to identify and quality the protective measures and controls that are prescribed to meet the security requirements of the customer. Services include:

  • Risk Assessments – utilizing leading security risk assessment methodologies to identify business and technology risks, and can includes quantitative risk analysis.

  • Vulnerability Assessments – interviews and testing designed to locate and prioritize vulnerabilities in the client’s environment utilizing guidelines such as NIST, ISO 17799 and other frameworks.

  • Security assessments for individual technologies – platforms, wireless, voice, network, email, applications, using Cervais’s Information Security Framework. These components can be executed individually or as part of a larger vulnerability assessment.

  • External and internal penetration testing.

  • Regulatory compliance reviews – NIST, Sarbanes Oxley, PCI, JIPPA, GLBA, and Industry Guideline’s.

  • Enterprise security reviews – designed to assess security across the enterprise, encompassing many aspects of vulnerability assessments but on the wider scale.

 

Features

We work with the customer to craft a framework that will fulfill current and future operational needs, whether the operating environment is distributed, heterogeneous or proprietary. We architect solutions for individual workstations, networks, mainframes or total operating environments and ensure tight integration with the customer’s established plans and policies. Other areas include:

  • Network Security

  • Assessment and Authorization

  • Technical security controls

  • Physical and environmental controls

  • Vulnerability Management

  • Virus Protection

  • Information classification and management

 
 

Features

Your reputation is one of your most valuable assets. Every day, hackers, phishers and other malicious attackers are trying to compromise your data. Even if the initial financial cost of stolen customer data is small, it’s the negative press and the ensuing reputation loss that can create incalculable losses to customer relations.
In an effort to protect customers, the government has instituted regulations including Sarbanes-Oxley, SEC Rule 17a-4, NASD – 3010, and the Gramm-Leach-Bliley Act that require compliance. Cervais understands the new and evolving issues for finance and insurance companies. That’s why we’ve packaged a complete solution known as the Cervais Security and Compliance Solution.

The Cervais Security and Compliance Solution helps maintain your organization’s security by uniting essential ingredients of perimeter protection and message archiving for business continuity and compliance purposes. Do away with piecemeal approaches that are expensive and complicated to maintain. With Cervais, there’s only one vendor to call for the design, implementation, configuration, testing and ongoing support. Other Services include:

  • Security policies and practices

  • Risk Management and governance

  • Personnel security controls

  • Security and privacy management

  • Security awareness and training

Features

Cervais’s Cyber Defense services is based off the CERT Resilience Management Model and follows the recently established NIST Cybersecurity Framework. It is a voluntary, non-technical (to an extent) assessment to evaluate the operational resilience and Cybersecurity capabilities of an organization. We do this by examining an organization’s Cybersecurity resilience practices across ten domains:

  • Asset Management

  • Controls Management

  • Configuration and Change Management

  • Vulnerability Management

  • Incident Management

  • Service Continuity Management

  • Risk Management

  • External Dependency Management

  • Training and Awareness

  • Situational Awareness

 

Features

Penetration Testing (or pentests for short) is a real-life test of trying to utilize known (and sometimes unknown) exploits, social engineering and other techniques and attacks to gain access to resources and data inside an organization that should be protected from unauthorized access. These tests are used to determine what systems are vulnerable to attack before an actual attack happens, so that an organization can close those gaps or mitigate the risk associated with known and unknown vulnerabilities.

Penetration Testing is an involved process that organizations need to discuss with professionals to understand the ramifications of such tests. The level of which the test should be done, the rules of engagement behind the test and the duration if the test are base items that need to be understood and agreed to before any testing actually starts. Penetration tests are not just to see if someone can “hack” your organization. A professional penetration test is about identifying, and mitigating business risk associated with a cyber-attack.

Cervais provides both penetration testing services and penetration test consulting services, assisting our clients with understanding not only the value behind a test, but the intricate details behind the testing, including, but not limited to:

  • Whitebox/blackbox testing

  • Understanding and explanation of Scope

  • The implications of currently implemented deterrent technologies on pentests

  • Determination of the systems that should be tested

  • Understanding the rules of engagement and explanation of why they are important

  • Clear definition of the time allotted for testing and its importance to scope

 

Features

In today’s connected world, cyber-attacks can happen just about anywhere. And especially with the explosion of the IoT, security needs to be everywhere, too. That’s why many top business leaders are making cyber security a critical part of their overall business strategies.

 

But without the right organization behind it, a strategy is just a strategy. For cyber investments to payoff, you need the know-how, skills and tools to translate strategy into action.

 

Cervais’s Cyber Transformation team helps companies execute their cyber agendas and realize their cyber goals by building and improving internal processes and technology environments. By guiding organizations like yours through large and complex cyber initiatives, we help create successful cyber programs that dramatically improve security posture and enable—not encumber—the business.

 

With rigorous approaches and deep experience, we focus on solving four major transformation challenges facing cyber security leaders:

  • Governance, Risk Management and Compliance - If you’re grappling to keep pace with emerging cyber threats, comply with tough global security requirements, and keep your stakeholders and the public happy, too, you may be in the market for security GRC software. We help organizations select, implement and leverage the right GRC tool to improve oversight and resilience and ease the compliance burden.

  • Program delivery - As cyber investments increase in both size and importance, so does the challenge of successfully executing the cyber security portfolios. We assist organizations with especially large and complex cyber security programs embed new processes and technologies into their environment in a sustainable manner. Our services include strategy, portfolio management, and service improvement.