We see it all the time: When a business thinks of securing their critical data assets, state-of-the-art technology is usually the first safeguard they look into.

GBQ’s team of experts helps our clients manage the risks of running and growing a business in a threat-filled digital world. We do this by helping them identify, catalog, prioritize and manage information security, privacy and compliance risks. We help clients operationalize risk management into their standard business process by assessing their risk posture, working alongside them to improve their environment and then staying with them to help safeguard their operation.

Our team has worked hard to develop a framework of security solutions that equip you to protect what’s important, know when it’s at risk and promote a positive security stance to your stakeholders. We benchmark our clients against industry standards and practices, use the assessment to help them prioritize improvements to their security and privacy programs, and stay with them to help continually safeguard the business by applying risk management principles.

Information Security Testing

Risk assessments and security testing are an important part of any information security program. GBQ offers an array of assessments and tests that range from the strategic to the highly technical. These include:

  • Security Program Review – a formal measure of the maturity of your security program. Is it reactive? Improving? Mature and aligned with company goals? A Security Program Review helps you improve the security operation in your organization.
  • Risk Assessment – A risk assessment identifies potential security issues and analyzes what could result if something actually happens. It prioritizes issues based on the likelihood they might happen and the impact they would have on your organization if they do happen. A risk assessment helps you prioritize your security program investment.
  • Controls Assessment – A comparison of an organization or system against a defined control set, such as NIST, SANS CAG, OWASP and so on.
  • Compliance Assessment – A comparison of an organization or system against the requirements defined by a regulatory authority such as HIPAA, PCI and GLBA.
  • Security Architecture Review – A security architecture review takes a high-level look at your IT architecture, focusing on the major elements of your systems and how those elements broadly interconnect.
  • Security Assessment – a review of your technical information security program from the perspective of baseline controls expected of firms following leading information risk management and security management practices in today’s adversarial environment.
  • Vulnerability Assessment – a review of an organization’s controls to determine areas of potential risk and identify areas with weak or non-existent controls in place.
  • Application Assessment – a review focused on a particular application target, typically a web application or mobile application.
  • Incident Management – The overall process of response when an incident has been discovered or reported.
  • Incident Response Test – The specific actions taken as specified in the organization’s incident response plan to react to an active incident and protect the organization.
  • Penetration Test – a test of an organization, network, system or application, which uses technical tools.


Information Risk Management & Strategy

Information Risk Management is a business issue. What are our most valuable assets? Where are they located, on our network and elsewhere? Who might want to gain control of them? What adverse effects are most likely? What adverse effects will most impact our business? What do the regulators have to say about our practices? What are the information risk management costs associated with entering a new market? Businesses today must grapple with these questions as a normal part of their business operation.

At GBQ we can help structure the process where those questions are managed through:

  • Information Risk Management, Organization and Governance
  • Security Program Review
  • Security Program Development
  • Policy and Procedure Development

Network Security Assessments

GBQ offers optional external, internal, wireless, and social engineering assessments targeted at specific technology assets. A specific fee quote will be provided depending upon the number of servers/devices/applications/locations to be included in the assessments.

  • External Network Security Assessments focus on the security of external-facing routers, firewalls, remote access connections (VPNs), and Internet-accessible servers.
  • Internal Network Security Assessments focus on components of the internal network infrastructure, including servers, workstations, storage systems, and databases, looking for vulnerabilities that can be exploited to gain unauthorized access to systems. We will also review operating system and device patch management practices.
  • Wireless Security Assessments will look at access point configurations and placement, broadcast signal patterns, network segmentation for visitors, and management practices for multiple access points.
  • Social Engineering Assessments include attempts to gain access to systems or data by phishing, solicitation, e-mail or by physical access to sensitive areas.