JLL Consulting is committed to providing best practices for computer and network security. We offer the following security services:
Web Application Security Assessments
Web applications usually have a lot of functionality and are built under tight schedules. Most often, a lot of effort goes into functionality and aesthetics because of management and customer demand. Security is really hard to 'bake' into these wonderful B2B tools. As such, web applications are often the lowest-hanging fruit when it comes to stealing company data or gaining a foothold in an organization. Law #4 of the Ten Immutable Laws of Security: If you allow a bad guy to upload programs to your website, it's not your website any more.
Cyber Security Posture Assessments
Security is so much more than technical controls. Policies, procedures, and business practices specifically tailored to individual businesses are just as important. The common phrase used in security circles is 'Bake Security in'. This means that an organization that really cares about protecting its business, customers, and employees must implement security in all business functions. We provide fixed-price or hourly services to help businesses bake security into their existing operations. Our customers have ranged from those that have to comply with government regulations to those that simply want to bolster their security posture.
Vulnerability assessment and penetration testing means looking intently within a domain to find exposed services and unintended functionality. Businesses are so often under pressure to produce, or to maximize the profit and functionality of their systems, that security rarely gets a second glance. As a result, exposed services, unpatched operating systems and applications, and rogue functionality get tangled into the systems that support business operations. The top two of the Ten Immutable Laws of Security are: Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore. Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore. Periodic vulnerability assessments can quickly identify the 'low hanging fruit' of exposure. We provide vulnerability assessments on a fixed-price basis.
The most effective enabler of any security program is turning the employee into a "sensor". This means investing in and becoming serious about security training for the employee. Because users are typically considered the uncontrollable weakest link in any organization, security awareness becomes a primary pillar in maturing the security posture of an organization. We offer remote or onsite training for organizations wanting to educate their employees on best security practices, primarily focused on technology. This service often goes hand in hand with a Social Engineering / Phishing exercise.
Social Engineering & Phishing
Social Engineering engagements are one of the best training tools available to employers and employees. We use two techniques that simulate a spear phishing attack, whereby internal computer information is exposed and usernames and passwords are captured. In doing so, social controls are identified, such as employees reporting to management or identifying something awkward about the emails or the request.