Their story:

As a manufacturing company, they were most concerned with protecting intellectual property and account information. Loss of either of those types of data would result in significant harm to the company.

What they needed:

They wanted to know where they stood. They didn't have a large IT staff, and they knew that security was an issue. Management wanted to know where their holes were.

What we did:

We started with an External Vulnerability Assessment, followed later by an Internal Vulnerability Assessment, and finally an Administrative and Physical Security Assessment.

We did it this way because they wanted to get information at a rate they could absorb and act upon.

The outcome:

Among other things, this company needed a training and awareness program. They trusted their people, but their people were one of their most significant risks. We've done multiple training sessions with their team, and they are seeing results in the way people handle information internally.

One of their other most significant risks was their internal network, specifically keeping patch levels updated. This particular company does business in China. The lack of patch management meant that an infected file coming from a Chinese distributor (or any distributor) had an increased risk of compromising company security.

Ultimately, they now have a strong information security program that will help protect their company assests, including their significant amounts of intellectual property.