Security Assessment

In our effort to provide the best possible information security services, and to constantly evolve and improve those services, Elysium Analytics has partnered with Security Compliance Associates, located in Clearwater, Florida, to form “Team Elysium”.

Overview

Team Elysium has delivered security-related solutions to a wide range of clients, including city, state and federal government agencies, financial institutions, healthcare providers, and a multitude of other types of businesses. Through the design and development of individually customized programs derived from the client’s corporate structure, size, and primary IT initiatives, we have repeatedly met the latest regulatory requirements while facing complex threat environments. In doing so, Team Elysium has become an optimal resource in taking hold of all enterprise-wide information security and compliance issues.

One of the challenges in any company’s endeavors to meet compliance requirements is the sheer number of different guidelines that originate from both private and government agencies. These include, but are not limited to: Gramm-Leach-Bliley Act - FFIEC, NCUA Reg 748 - FDIC, OCC, SEC, FINRA and other agency guidance - HIPAA Security Rule 45 CFR Parts 160 & 164 - HITECH Act - OCR - American Land and Title Association (ALTA) Best Practices Pillars 1 – 7.

Throughout our undertakings, both members of Team Elysium utilize a wide range of methodologies. Some examples of these are: NIST SP 800-30, 800-53, 800-53(A), 800-66 - NIST Cybersecurity Framework - FFIEC Cybersecurity Assessment Tool - CIS Critical Security Controls - OWASP - ISO 27001.

Services

In the initial stages of our cybersecurity assignments, Team Elysium starts with the Cybersecurity Risk Assessment. This analysis is carried out in order to accurately describe the organization’s cybersecurity posture as it relates to the NIST Cybersecurity Framework. In leading off the Team’s proprietary assessment process, a baseline for the current level of risk is defined and validated through the utilization of multiple disciplines, including the NIST Cybersecurity Framework and various other industry standards, as well as Team Elysium best practices. This is then followed by the evaluation of the primary components and sub-components of the client’s information architecture in correlation with the five Cybersecurity Maturity Domains. Following completion of this stage, a custom report that includes precise details surrounding each assessment discovery is generated. Through this process, Team Elysium’s Cybersecurity Risk Assessment aids our clients immensely in their preparation for all types of regulatory scrutiny relating to cybersecurity, and significantly improves their overall cybersecurity outlook.

Web App Assessment

When the enterprise engages Team Elysium, a number of automated and manual checks are performed to identify web application vulnerabilities. For this endeavor, a combination of commercially available tools and licensed software applications are employed. Thereafter, by capitalizing on the discoveries which have been made through both manual and proprietary techniques, the Team can test security attributes associated with functionality, usability, interface and compatibility. With the help of external-facing application testing, as well as the incorporation of OWASP Top 10 guidelines, the evaluation of potential vulnerabilities in all types of web-based environments is facilitated. These types of threats are continuously evolving and changing quickly. As a result, the organization can see quantifiable benefits from regularly-scheduled re-assessments of its web application security status

Vulnerability Assessment & Pen Testing

One of the most important information security initiatives a financial institution can undertake is Internal & External Vulnerability Assessment and Pen Testing.

Team Elysium, which is well known for its leadership position in internal and external assessment work, applies a combination of higher-learning, industry-leading software and an intimate familiarity with the systems that surround financial institution infrastructure in order to reach the goal of an informed and meaningful assessment.

The Team’s abilities in the communication of critical knowledge to the client lends itself well to these assignments. Our highly-credentialed technicians, who are tasked with the evaluation and understanding of the organization’s entire network topology and configuration landscape, assure that Team Elysium delivers thorough assessments and finely-tuned analysis across all critical network assets.

In looking at the sum total of our process and documentation measures, it becomes apparent that our clients enjoy complete confidence in the fact that the assessment has been performed to the highest of standards. This is assisted by the re-validation of assessment discoveries, and through the delivery of thorough, clear and concise reports. Similarly, remediation advice is identified and presented. As Team Elysium conducts both internal and external assessment work, we adhere to the client’s particular preferences, and always maintain the common goal of providing repeatable methodologies that conform to the appropriate regulatory guidelines.

Regulatory Compliance

Another keystone component of Team Elysium’s combination of services and solutions is based on constantly updating our knowledge base as it relates to regulatory and compliance issues. These include: Information Security Policy and Procedure Review, Development, and Maintenance - Information Security Awareness Training - Incident Response Plan - Business Continuity Plan and Disaster Recovery Plan - Business Impact Analysis.