News and Events

August 25, 2014 - Sherri Davidoff began teaching her Introduction to Cybersecurity course at the University of Montana.
 
September 5, 2014 - We're pleased to announce that Network Forensics Puzzle DVDs from 2011, 2012, and 2014 are all available on BytePuzzles!
 
October 31, 2014 - Karen Palmer will teach "How Attorneys Get Hacked (And What You Can Do About It)" and "How to Find and Preserve Digital Evidence" at the Crowne Plaza in Billings for the Yellowstone County Bar Association (3 CLE credits).
 

GLBA / FFIEC
 

Comply with FFIEC guidelines for information security management (GLBA 501(b)), and make sure your customer data is secure. LMG provides independent technical security testing, including penetration testing, web application assessments, and social engineering testing. For each test, we can provide a letter of attestation suitable for presentation to third parties. We can help you develop new policies or revise existing ones, to make sure your documentation is complete and effective.

At LMG, we believe that compliance and security should be fully aligned. We conduct detailed, organized risk assessments for financial institutions. All of our reports include risk ratings, as well as descriptions of impact and prioritized recommendations.

Let us help you make smart choices.

 
Service Description Details
Penetration Testing

Find your weak spots before the hackers do, and comply with regulations.

LMG's penetration testing services include:

Web Application Assessment

Make sure your web applications are secure.

Conduct a comprehensive external assessment of your web application, so that you know it's secure. Tests include:

  • Cross-site scripting
  • SQL injections
  • Session hijacking
  • Authentication bypass
  • Buffer overflows
  • and much more...

Unlike other firms, we don't just run automated scans. We always test your web application manually as well, using advanced techniques beyond most attackers' capabilities.

Vulnerability Assessment

Test your network security and identify vulnerabilities, safely and effectively.

Conduct a comprehensive examination of your systems, and receive a prioritized, detailed list of vulnerabilities and recommendations. Options include:

Social Engineering Testing and Training

Build your defenses against phishing attacks and social engineering scams, and track performance over time.

Safely and effectively train your employees to resist social engineering attacks, while gathering statistics. LMG's realistic phishing tests train your employees to:

  • Always be on the alert
  • Verify senders before trusting an email
  • Refrain from clicking on links in phishing emails
  • Know how to recognize fake domains
  • Check for SSL/TLS encryption in login pages
  • Only enter usernames/passwords into trusted, encrypted sites
  • Properly verify the identity of phone callers
  • Report suspicious emails or phone calls immediately

We carefully track your employees' performance and provide you with detailed reports, including visual graphs and charts, easy-to-read summaries, specific areas for improvement, and comparison with previous test results.

Policy/Procedure Development and Review

Develop policies and procedures to meet compliance needs and security best practices.

Let us develop and revise your policies, to help you:

  • Comply with industry regulations such as GLBA and SOX
  • Set realistic and achievable guidelines
  • Reflect the unique needs of your organization
  • Establish an adaptable and scalable policy framework

Our speciality is creating customized policy frameworks that are realistic and work long-term.

Training and Education

Train your staff, with internationally recognized authors and instructors.

LMG's training options include:

Risk Assessment

Meet FFIEC guidelines for Information Security Risk Assessment.

A comprehensive security risk assessment, based on review of your policies, procedures, and technical testing results. May be bundled with technical testing.

LMG's risk assessment methodology is based on the following guidance issued by the United States federal government:

Receive a prioritized list of risks, descriptions of impact and likelihood, controls in place, and recommendations.