2024-308-E-IT Dept-Trustedsec-Penetration testing and cybersecurity consulting
Entry Properties
Last modified: 6/5/2024 8:42:32 AM
Creation date: 6/5/2024 8:42:19 AM

Metadata
Template: Contract
Date: 5/30/2024
Contract Starting Date: 5/30/2024
Contract Ending Date: 5/31/2024
Contract Document Type: Contract
Amount: $21,500.00

Orange County North Carolina
TrustedSec Confidential
11

2 Penetration Testing

Penetration Testing evaluates the effectiveness of the Information Security programs clients have in place and identifies security deficiencies that could put the organization and its information assets at risk. Penetration Testing is a sanctioned service in which TrustedSec simulates an attacker attempting to circumvent security controls and gain unauthorized access to client systems or facilities. Whether from malicious users, malware, insider threats, or a regulatory compliance perspective, it showcases the potential to impact the business’ ability to generate revenue. TrustedSec's comprehensive methodologies span multiple technologies and security control areas, from physical security, to personnel and procedural security controls, to system and application-level exploitation. Penetration Testing is designed to impact the organization to identify systemic weaknesses within the overall Information Security program. They are great leverage points for the security group to get management exposure and emphasize the importance of critical security programs.

External Penetration Testing

External Penetration Tests are conducted from outside the target organization and are meant to test the perimeter defenses by simulating an attacker attempting to gain access from the Internet. This test often begins with Open Source Intelligence (OSINT) gathering to enumerate information about the company and potential systems for attack. Open services are identified and analyzed for vulnerabilities that could be exploited and are provided a means for further access into the network. A low-and-slow methodology is utilized to remain as undetectable as possible to monitoring and detection systems. As the testing progresses, the amount of noise generated is gradually increased to determine the detection threshold, if any. A vulnerability scan is performed in the latter stages of this process to serve as a secondary check for the manual testing efforts.

Internal Penetration Testing

An Internal Penetration Test simulates an attacker or malicious insider that has already gained access to the internal network environment. Consultants connect to a designated network jack, or remotely via the TAP device, situated within the user population. Reconnaissance is performed within the direct network segment, determining adjacent hosts to attack. Attempts are made to compromise vulnerable systems, escalate privileges, and compromise the domain. Sensitive information will be located that may expose personally identifiable information (PII), Payment Card Industry (PCI) data, or company trade secrets that could impact the organization's ability to conduct business.

DocuSign Envelope ID: AFDC1276-5BF5-4129-B1DC-BCD00B65C8BC