News and Events

July 27-30 2013 - Sign up for "Network Forensics," the 4-day Class at Black Hat in Las Vegas, NV. Register Today.

read more

Class and Book

Want "Network Forensics" (the class) taught privately at your facilities? Request an Onsite

Order Network Forensics: Tracking Hackers Through Cyberspace!

read more

Need Expert Consulting?

Request a Quote

Email Us an RFP

Join our Email List!

GLBA / FFIEC

Comply with FFIEC guidelines for information security managenent (GLBA 501(b)), and make sure your customer data is secure. LMG provides independent technical security testing, including penetration testing, web application assessments, and social engineering testing. For each test, we can provide a letter of attestation suitable for presentation to third parties. We can help you develop new policies or revise existing ones, to make sure your documentation is complete and effective.

At LMG, we believe that compliance and security should be fully aligned. We conduct detailed, organized risk assessments for financial institutions. All of our reports include risk ratings, as well as descriptions of impact and prioritized recommendations.

Let us help you make smart choices.

Request a Quote

Service	Description	Details
Penetration Testing	Find your weak spots before the hackers do, and comply with regulations.	LMG's penetration testing services include: External penetration testing: How secure are your Internet-facing servers? Internal penetration testing: Are you protected from insider attacks? Mobile device penetration testing: If a laptop, tablet or phone is lost or stolen, can attackers get your data?
Web Application Assessment	Make sure your web applications are secure.	Conduct a comprehensive external assessment of your web application, so that you know it's secure. Tests include: Cross-site scripting SQL injections Session hijacking Authentication bypass Buffer overflows and much more... Unlike other firms, we don't just run automated scans. We always test your web application manually as well, using advanced techniques beyond most attackers' capabilities.
Vulnerability Assessment	Test your network security and identify vulnerabilities-- safely and effectively.	Conduct a comprehensive examination of your systems, and receive a prioritized, detailed list of vulnerabilities and recommendations. Options include: External vulnerability assessment: Test your Internet-facing systems Internal vulnerability assessment: Check your internal network Quarterly, semi-annual, or annual examinations and reports Comparison with prior assessments Letter of attestation that you can provide to third parties
Social Engineering Testing and Training	Build your defenses against phishing attacks and social engineering scams, and track performance over time.	Safely and effectively train your employees to resist social engineering attacks, while gathering statistics. LMG's realistic phishing tests train your employees to: Always be on the alert Verify senders before trusting an email Refrain from clicking on links in phishing emails Know how to recognize fake domains Check for SSL/TLS encryption in login pages Only enter usernames/passwords into trusted, encrypted sites Properly verify the identity of phone callers Report suspicious emails or phone calls immediately We carefully track your employees' performance and provide you with detailed reports, including visual graphs and charts, easy-to-read summaries, specific areas for improvement, and comparison with previous test results.
Policy/Procedure Development and Review	Develop policies and procedures to meet compliance needs and security best practices.	Let us develop and revise your policies, to help you: Comply with industry regulations such as GLBA and SOX Set realistic and achievable guidelines Reflect the unique needs of your organization Establish an adaptable and scalable policy framework Our speciality is creating customized policy frameworks that are realistic and work long-term.
Training and Education	Train your staff, with internationally recognized authors and instructors.	LMG's training options include: General workforce security training Network Forensics class on-site, at your facilities Security team training Incident response tabletop exercises and training drills Custom training to suit your needs
Risk Assessment	Meet FFIEC guidelines for Information Security Risk Assessment.	A comprehensive security risk assessment, based on review of your policies, procedures, and technical testing results. May be bundled with technical testing. LMG's risk assessment methodology is based on the following guidance issued by the United States federal government: FFIEC IT Examination Handbook National Institute of Standards and Technology Receive a prioritized list of risks, descriptions of impact and likelihood, controls in place, and recommendations.