The team has collectively provided security-related solutions to hundreds of financial institutions, healthcare providers, municipalities and many businesses in their mission to safeguard critical information across all types of media. With customized programs based on the size and complexity of the client’s corporate structure, we offer a wide range of strategies that meet the latest regulatory requirements and security threat environments which signify risk to the success of your organization. Team SSTech is the ideal partner to meet the dynamic challenges of information security and compliance.
Team SSTech’s solutions encompass compliance with guidelines set down by numerous private and governmental agencies. These include, but are not limited to:
- Gramm-Leach-Bliley Act
- FFIEC, NCUA Reg 748
- FDIC, OCC, SEC, FINRA and other agency guidance
- HIPAA Security Rule 45 CFR Parts 160 & 164
- HITECH Act
- OCR
- American Land and Title Association (ALTA) Best Practices Pillars 1 – 7
The Team utilizes a wide range of methodologies, including, but not limited to, the following:
- NIST SP 800-30, 800-53, 800-53(A), 800-66
- NIST Cybersecurity Framework
- FFIEC Cybersecurity Assessment Tool
- CIS Critical Security Controls
- OWASP
- ISO 27001
As part of Team SSTech’s comprehensive review of the client’s existing information security environment, the Cybersecurity Risk Assessment is performed to characterize the organization’s cybersecurity posture in relation to the NIST Cybersecurity Framework. As part of this proprietary assessment process, a baseline for the current state of risk is defined and validated through the use of a combination of the NIST Cybersecurity Framework, various industry standards and Team SSTech’s best practices. In addition, Team SSTech evaluates all components and sub-components of the client’s information architecture as they relate to the five cybersecurity maturity domains, and delivers a custom report that includes precise details surrounding each assessment discovery. The Cybersecurity Risk Assessment helps our clients prepare for regulatory cybersecurity scrutiny, and positively enhances their cybersecurity posture.
Web App Assessment
Team SSTech employs numerous automated and manual checks to identify web application vulnerabilities, and, in doing so, utilizes a combination of commercially available tools and licensed software. Subsequently, our consultants exploit discovered findings via both manual and proprietary techniques, and test security attributes as they relate to functionality, usability, interface and compatibility. Externally facing application testing is also performed, incorporating OWASP Top 10 guidelines to evaluate potential vulnerabilities in web-based environments. Because these threats are continuously evolving, we encourage our clients to re-assess their web application security status at regularly scheduled intervals.
Vulnerability Assessment & Pen Testing
Internal & External Vulnerability Assessment and Pen Testing may be one of the most important information security initiatives an institution can undertake. Team SSTech is well known for top-notch internal and external assessment work, applying a combination of higher learning, industry-best software and an intimate familiarity with the systems that surround financial institution infrastructure to attain an informed and meaningful assessment.
Our advanced abilities to communicate and impart knowledge to the client lend themselves well to these assignments. Through the efforts of our highly credentialed technicians, who are tasked with evaluating and understanding the organization’s entire network topology and configuration landscape, clients are assured that Team SSTech delivers thorough assessments and analysis across all critical network assets.
Our process and documentation measures give our clients complete confidence that the assessment is performed to the highest of standards. Assessment findings are re-validated, and all reports are presented in clear and concise language. Likewise, remediation advice is readily identified. Team SSTech always follows the client’s preferences in conducting internal and external assessment work, and maintains the common goal of providing repeatable methodologies that conform to regulatory guidelines.
By maintaining and constantly updating our knowledge base as it relates to regulatory and compliance issues, Team SSTech provides our clients with a comprehensive combination of services and solutions. These include:
- Information Security Policy and Procedure Review, Development, and Maintenance
- Information Security Awareness Training
- Incident Response Plan
- Business Continuity Plan and Disaster Recovery Plan
- Business Impact Analysis