nGran, LLC

Granular Network Security Solutions - 978.519.9809

Security Testing & Assessments

nGran provides comprehensive data security testing to businesses around the world. Below is a brief listing of the thorough data security assessments we provide. For further details on all service offerings, please contact us at info@ngran.com for the PDF open password.

PII Risk Reviews

NIST SP 800-122 defines Personally Identifiable Information (PII) as any information that is stored or maintained by a company or government entity, such that it can be used to distinguish or trace a person’s identity. This includes names, social security numbers (SSNs), date and place of birth, mother’s maiden name, or other recognizable data records that are linked or linkable to an individual, such as motor vehicle license numbers, phone numbers, service numbers, medical, educational, financial, residential and employment information.

There are many US government and State laws governing the protection of PII, dating back to the Privacy Act of 1974, which defines a Code of Fair Information Practice Principles (FIPP) for the collection, maintenance, use, and dissemination of PII about individuals that is maintained in systems of records by federal agencies. In addition, voluntary Privacy Shield rules have lately been established by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Due in part to the lack of properly constructed vulnerability testing, which in US companies is often conducted by untrained and automated (i.e. "low-cost") resources, many Americans have suffered from repeated releases of their PII by those (stewards) who should have properly protected the breached systems from online Advanced Persistent Threat (APT) attacks. The Open Web Application Security Project has repeatedly shown that "Sensitive Data Exposure" is and has been in the Top Ten most critical Web Application Security Risks for the past several years, but "plausible deniability" and non-conforming management practices have left multiple online systems exposed to APT PII hacks during that period with minimal consequences for the PII company stewards and executives.

MD5 for downloadable PDF: E0537D65418740BC8E32435A287B5182


PII Risk Review 2017

IoT Secure Network Design Reviews

IoT Secure Network Design Reviews protect your IoT deployment projects long after the network extensions are implemented. Our focus is on designing secure IoT configurations that support your business goals today and are based on relevant industry security standards. By carefully reviewing your desired IoT platform and business objectives, we design a secure IoT solution that fits your business needs and conforms to the latest security standards. The goal of such a review is to evaluate the delivered IoT device configuration, use of system resources, security monitoring and the ability to disable or modify IoT platform components that violate existing security "Best Practices".

MD5 for downloadable PDF: 03D2B9F6AFC34E8F4C483A5F7BF26D90


IoT Secure Design Reviews

Spear Phish Review: Spear phishing attacks aimed at an organization's users are a large source of penetrations that bypass existing controls on Internet-facing email servers. Working with you, we customize emails to pre-selected employees that reflect variables such as company department, subject, likely response content, position, "most likely" sender lists and other topics that may attract the attention of any given user. In sending such simulations to your selected users, we work with you to provide customized training if and when a user shows that he or she is susceptible to such targeted attacks. As part of the simulation we also provide attachments that emulate emerging and crafted threats most likely to be downloaded from malicious sites. In this way we can show the efficacy and utility of your existing controls to resist such attacks and reduce the attack surface of your Internet presence.

MD5 for downloadable PDF: D24DF25629649894150CE1F24FD9A163

Spear Phish Review 2017

Security Awareness Training: This service is offered by nGran instructors as a customized set of courses with tracks for General & Administrative (G&A) users, Technical Support as well as Developers. Courses typically run from 90 – 180 minutes in length. nGran will use your company’s Security Policies & Procedures along with your unique set of needs to properly tailor the course materials to your requirements. Demonstrations of “high risk” threats are included for all tracks with useful explanations at the appropriate skill level. In addition, all tracks provide “Best Practice” guidelines based on NIST SP 800-50, CERT & Department of Homeland Defense recommendations. Supplementary course materials include security questionnaires, glossaries, protection tools and approved processes to securely “surf” in today’s Internet environment.

MD5 for downloadable PDF: 6E48599FE45EB1DAA9774DC81C730408

Security Awareness Training 2017

Cyber-Security Weakness Assessments: nGran offers a website application security review service that evaluates the operational risk of a site according to the OWASP ASVS Level 1 & 2 specification. The specific set of vulnerabilities against which Level 1 & 2 verification is measured is shown in the Detailed Verification Requirements of the standard found on the OWASP website and typically includes vulnerabilities that a verifier can identify with manual and automated tools.

MD5 for downloadable PDF: C0304052233F8B9BB61420E576260210

Cyber-Security Weakness Assessments 2017

Malware Behavior Testing: The goal of this type of testing is to judge the efficacy of current AV, Anti-Malware and other security solutions to detect, discriminate and recognize the most egregious attacks from internal and external perspectives. The tests are conducted manually and with a series of non-destructive emulations. This review also analyzes system, event, and AV/AM security logs, and associated operations and procedures used in security systems and network management.

MD5 for downloadable PDF: 046F85DD8EC51990DC206DFA34159C89

Malware Behavior Testing 2017

Vulnerability Assessments and Web Site Security Reviews: Test the strength of access controls for systems and application software of internal and external sites. This service provides a detailed diagnostic of internal and external security controls.

MD5 for downloadable PDF: 2770BF5310A91C55C34AA8391E88C0FB

Web Site Security 2017