Big data security challenges for insurers
The Industrial Internet, the Internet of Things (IoT), mobile devices, and network connected sensors (such as connected vehicles) are increasingly drivers for change in the digital economy as is the shift to doing business in the cloud. The word “cloud” conjures up perceptions of unprotected data and a risk that the data could exist outside the country where it originated. This perception of a lack of security has been a major barrier to mainstream adoption, but that is about to change as data integrity standards for data security and information assurance emerge that will make outsourcing to the cloud more secure than in corporate data centers.
We thrive on ensuring that our clients have the necessary knowledge to ensure that their businesses run smoothly. Our skills transfer programmes are both generic and tailor made to suite the requirements of the client. Our team is aware of the fact that the skills gap in companies cannot be the same and has put in place structures to ensure that the specific needs for every client are met.
MorniPac VAPT Process
Vulnerability Assessment and Penetration Testing Process
This webpage helps customers understand MorniPac Penetration Testing service delivery process from start to finish. This will help both new customers trying to understand and learn what to expect and existing customers looking for an updated refresher on our process. Each of these steps is a requirement and cannot be undermined when requesting testing services. If the MorniPac process does not work for you, then we would be very happy to recommend another vendor.
- You contact MorniPac.
- By the request a quote form
- By telephone – +27 839893382 / +27 82 626 2441
- By email – firstname.lastname@example.org
- MorniPac returns contact.
- We will respond via email and request availability for a Skype or conference call.
- We hold our introductory meeting.
- We learn about your needs, business, and reasons for requesting a penetration test.
- We will explain our capabilities, our team, and why we are different.
- It will be time to determine the fit for each other and if you require a proposal.
- We determine what level of service you require (Silver, Gold, or Platinum).
- For Silver services we use the industry standard count based pricing methodology.
- For Gold or Platinum services we will use our unique Attack Surface Mapping (AMAP) Methodology. This methodology requires a $1800.00 – $3500 non-refundable deposit as it takes roughly 5-10 hours to properly diagnose an attack surface. In return we will provide you with a detailed snapshot of your environment that shows all potential attack vectors (not all possible vulnerabilities).
- We build you a custom proposal
- After Count Based Pricing (for Silver) or Attack Surface Mapping (for Gold or Platinum) we will build your custom proposal. (Gold and Platinum proposals produce a level of threat that is slightly elevated from that which you are likely to face in the wild. This is required for true protective benefit. Our CPT proposals are specifically designed to satisfy compliance needs.)
- We hold a proposal review meeting & deliver via pdf.
- After your proposal is generated we will reach out to you to schedule a review via Skype Meeting. This review is mandatory. We will not send the proposal to you without first holding the review.
- During the review we will make certain that the proposal meets your exact needs. We will cover everything from targets, activated threat modules down to pricing and any possible discounts. Any adjustments will be made real-time to ensure that they are done correctly.
- After the proposal review is held and all agree, we will deliver it to you in a PDF format along with our Master Service Contract Agreement. Both documents must be signed and executed in order for services to be scheduled. We are happy to negotiate on either if/as required.
- After the proposal and MSCA are fully executed we will schedule your test start date and kick-off call via email and web service.
- We deliver services as designed
- Your testing will begin on the agreed upon start date. (From this point forward all communications must be directed to email@example.com, not to your sales representative.)
- As testing progresses you will receive status reports.
- As testing progresses, we will record our findings into MorniPac Cyber Security VAPT-Report(our advanced reporting framework).
- When testing is finished we will finalize your report. You will receive an email letting you know that your report is ready. New customers will receive a secondary email with instructions on how to access VAPT-Report.
- We validate your fixes for free
- You can request that we validate your fixes by emailing firstname.lastname@example.org and requesting validation. Validation will be done against the entire report (all findings) one time free of charge.
- As issues are successfully validated we update the report in VAPT-Report in real time. The report becomes a remediation report that reflects your successful remediation efforts.
- If you resolve 100% of the issues that are reported, we will provide you with a certificate of security and a website seal of security.
MorniPac has developed this Request For Proposal (“RFP”) template to help organizations identify and select a quality security vendor to perform professional services work. This also gives an idea of areas and nature of questions organizations should consider asking potential vendors to ensure that a thorough and comprehensive approach to the project will be taken. The main and major areas for a variety of information security projects include:
- External Network Vulnerability Assessment
- Internal Network Vulnerability Assessment
- Web Application Penetration Testing
- Dial-In / RAS Security Testing
- DMZ or Network Architecture Designs / Reviews
- Wireless Network Assessment and Penetration Testing
- Virtual Infrastructure Security Assessment
- Server Configuration Reviews
- Firewall and Router Configuration Reviews
- VPN Configuration Reviews
- Voice over IP Assessments
- Social Engineering Assessments
- Physical Security Reviews
- Software Source Code Reviews
- Application Threat Modeling and Design Reviews
- Information Security Policy and Procedure Development or Review
- Information Security Risk Assessment
- Security Awareness Program Development or Review
- Incident Response Program Development or Review
- Secure SDLC Program Development or Review
- PCI Quarterly Scans
- PCI Report on Compliance Assessment or Gap Analysis