Case Study: Penetration Testing for Large Utility Provider
Background on Client: Client Is a major utility located across the US that employs over 5000 professionals who provide regulated water services and other related services across the US.
CHALLENGE
The client was in need of a 3rd party risk assessment services for their internal continuous improvement. Client needed a security service provider to handle internal and external network penetration testing, phishing security testing and web application penetration testing services. By conducting these surveys, they could better assess their internal and external network from hackers and other security intrusions. The risk of a breach and losing data would have severely impacted the client’s operations, but also could have resulted in harm to their customer base and also internally to their employees. Client could face additional fines and penalties should a breach occur.
RESULTS
Client now has tips on the areas of where the potential threats were, and specific improvements were noted and addressed. Frontier Technologies advised the client to investigate an aggressive mode for vulnerability and risk and continue to follow industry best practices regarding their security and perimeter. They should continue to update their internal and external systems to ensure multi-layered defenses are current and up to do date to meet strategy. Finally, they were advised to practice continued user awareness when they are clicking links in emails or on the web.
SOLUTION
Client engaged Frontier Technologies to complete their internal and external network penetration testing, phishing security testing and web application penetration testing services.
Penetration testing is the process of evaluating the critical weaknesses and implementation of security controls for information systems, networks, and applications by simulating real-world attacks. Regular penetration testing is intended to identify weaknesses in security measures and is one component of a comprehensive security program.
The objectives of this initiative are as follows:
Reduce organizational risk. Penetration testing will identify vulnerabilities and exploits in Customer’s information technology assets. Testing analyzes operating systems, applications, and services for means that a malicious attacker may exploit to gain access to client’s critical systems, and data.
Test client’s security effectiveness. Cybersecurity Analysts will work with client’s team to evaluate effectiveness of client’s defensive controls.
Prioritize remediation actions based on real-world attack potential.
Web Application Penetration Test
The objectives of this initiative are as follows:
Identify vulnerabilities and weaknesses in the organization’s web application(s).
Improve the overall security posture of the organization – Penetration testing plays a critical role in an organization’s ability to defend against security threats.
Support compliance – Penetration testing can satisfy organization’s regulatory, commercial, and organizational compliance requirements.
Validate the effectiveness of existing security controls.
Support compliance – This penetration testing service helps companies comply with the following regulations:
HIPAA §164.308(a)(1)(ii) (A)
PCI Requirement 11.3.1
DFARS / NIST SP800-171 Requirement 3.12.1
New York State Department of Financial Services 23 NYCRR 500 §500.05(a)(1)
Gramm-Leach-Bliley Act §501(b)
Federal Trade Commission 16 CFR Part 314 §314.4