SYSTEMS 
TESTING & AUDITING

Brightside’s testing and auditing services range from a passive review of documentation to full-scale, active testing of a company’s cybersecurity defenses. Vigilance requires that systems be tested regularly and audited to ensure controls and logs are being updated. Many security issues are the result of human error or a lapse in controls that at first seem harmless. An external security audit aims to ensure compliance with internal procedures, industry best practices, or regulations that an organization must follow. 
 
Auditing assets and controls is a fundamental, non-invasive way for management to know that controls are implemented and being followed. These are the most basic tests of a cybersecurity environment. A lack of asset inventory allows unknown risks to creep into an organization, and when an event occurs, that gap hampers recovery and causes additional downtime. New equipment and software introduced to the organization but not included in the asset and risk management list are examples. Verifying logs and reports builds trust in the systems and reduces risks to management and other stakeholders.
 
Penetration testing services range from passive scans through blackbox, greybox, and whitebox tests to red team exercises. Penetration testing is a controlled method to measure an organization’s resilience to threats and its ability to detect and withstand them. Brightside can customize our tests to a client’s environment or start blind with no information. After a test, we review the details and outcomes with recommendations for remediation. Brightside will retest after remediation to ensure all gaps discovered were addressed and no new gaps were created.
 
Red team exercises go beyond penetration testing in both scope and timeframe. There are general guidelines, though the objective is to comprehensively test a client’s entire threat vector exposure. While updates are provided as issues are discovered, it has also been observed that a client’s IT team proactively improves, knowing that there is a red team out there probing its cybersecurity defense.
 
Brightside uses tabletop exercises to simulate attack and recovery scenarios. These exercises entail preparing a list of adverse events with details as to what they may impact. These can include cybersecurity scenarios in addition to physical scenarios that impact cyber technologies. Going beyond the basic cyber scenarios and into natural disasters, pandemics, civil unrest, active shooter, and power grid failures provides an overall view of the response capabilities of our clients. Brightside professionals help set the objectives with clients’ staff, provide customized templates, and moderate the exercises. Tabletop exercises assist in assessing your organization’s cybersecurity posture and can discover gaps in your defense and response plans.