nGran, LLC

Granular Network Security Solutions

Security Testing & Assessments

nGran provides comprehensive data security testing to businesses around the world. Below is a brief listing of the thorough data security assessments we provide.

PII Risk Reviews

NIST SP 800-122 defines Personally Identifiable Information (PII) as any information that is stored or maintained by a company or government entity, such that it can be used to distinguish or trace a person’s identity. This includes names, social security numbers (SSNs), date and place of birth, mother’s maiden name, or other recognizable data records that are linked or linkable to an individual, such as motor vehicle license numbers, phone numbers, service numbers, medical, educational, financial, residential and employment information.

There are many US government and State laws governing the protection of PII, dating back to the Privacy Act of 1974, which defines a Code of Fair Information Practice Principles (FIPP) for the collection, maintenance, use, and dissemination of PII about individuals that is maintained in systems of records by federal agencies. In addition, voluntary Privacy Shield rules have lately been established by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Due in part to the lack of properly constructed vulnerability testing conducted by untrained and automated (i.e. "low-cost") resources used in US companies, many Americans have suffered from repeated releases of their PII from those (stewards) who should have properly protected the breached systems from online Advanced Persistent Threat (APT) attacks. The Open Web Application Security Project has repeatedly shown that "Sensitive Data Exposure" is and has been in the Top Ten most critical Web Application Security Risks for the past several years, but "plausible deniability" and non-conforming management practices have left multiple online systems exposed to APT PII hacks during that period with minimal consequences for the PII company stewards and executives.

MD5 for downloadable PDF: 6887333DF48486642E8D90820DDCFAEF

PII Risk Review 2017

IoT Secure Network Design Reviews

IoT Secure Network Design Reviews protect your IoT deployment projects long after the network extensions are implemented. Our focus is on designing secure IoT configurations that support your business goals today and are based on relevant industry security standards. By carefully reviewing your desired IoT platform and business objectives, we design a secure IoT solution that fits your business needs and conforms to the latest security standards. The goal of such a review is to evaluate the delivered IoT device configuration, use of system resources, security monitoring and the ability to disable or modify IoT platform components that violate existing security "Best Practices". For further details of this service offering please contact us for the pdf password at

MD5 for downloadable PDF:

IoT Secure Design Reviews

Spear Phish Review: Spear phishing attacks aimed at an organization's users are a large source of penetrations that bypass existing controls on Internet-facing email servers. Working with you, we customize emails to pre-selected employees that reflect variables such as company department, subject, likely response content, position, "most likely" sender lists and other topics that may attract the attention of any given user. In sending such simulations to your selected users, we work with you to provide customized training if and when a user shows that he or she is susceptible to such targeted attacks. As part of the simulation we also provide attachments that emulate emerging and crafted threats most likely to be downloaded from malicious sites. In this way we can show the efficacy and utility of your existing controls to resist such attacks and reduce the attack surface of your Internet presence. For further details of this service offering please contact us for the pdf password at

MD5 for downloadable PDF: 05BEB3F736B950DE723134C1259EDB55

Spear Phish Review 2017

Security Awareness Training: This service is offered by nGran instructors as a customized set of courses with tracks for General & Administrative (G&A) users, Technical Support as well as Developers. Courses typically run from 90 – 180 minutes in length. nGran will use your company’s Security Policies & Procedures along with your unique set of needs to properly tailor the course materials to your requirements. Demonstrations of “high risk” threats are included for all tracks with useful explanations at the appropriate skill level. In addition, all tracks provide “Best Practice” guidelines based on NIST SP 800-50, CERT & Department of Homeland Defense recommendations. Supplementary course materials include security questionnaires, glossaries, protection tools and approved processes to securely “surf” in today’s Internet environment. For further details of this service offering please contact us for the pdf password at

MD5 for downloadable PDF: DB4FC5097F80B39CEA11DA800058419F

Security Awareness Training 2017

Cyber-Security Weakness Assessments: nGran offers a website application security review service that evaluates the operational risk of a site according to the OWASP ASVS Level 1 & 2 specification. The specific set of vulnerabilities against which Level 1 & 2 verification is measured is shown in the Detailed Verification Requirements of the standard found on the OWASP website and typically includes vulnerabilities that a verifier can identify with manual and automated tools. For further details of this service offering please contact us for the pdf password at

MD5 for downloadable PDF: BEA67111254B2CB97A573C56E891829B

Cyber-Security Weakness Assessments 2017

Malware Behavior Testing: The goal of this type of testing is to judge the efficacy of current AV, Anti-Malware and other security solutions to detect, discriminate and recognize the most egregious attacks from internal and external perspectives. The tests are conducted manually and with a series of non-destructive probes. This review analyzes system, event, and security logs, and associated operations and procedures used in security systems and network management. For further details of this service offering please contact us for the pdf password at

MD5 for downloadable PDF: D5A9EEAE0C0DFCFD315A413401C6C480

Malware Behavior Testing 2017

Vulnerability Assessments and Web Site Security Reviews: Test the strength of access controls for systems and application software of internal and external sites. This service provides a detailed diagnostic of internal and external security controls. For further details of this service offering please contact us for the pdf password at

MD5 for downloadable PDF:

Web Site Security 2017