GDPR Compliance Package

An all-in-one bundle designed to help you reach compliance.

Last April, the European Parliament adopted the General Data Protection Regulation (GDPR). The GDPR requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. Companies that do business in EU countries or process the personal data of EU citizens must be in compliance by May 25, 2018.

Our GDPR compliance package is specifically designed to help you achieve and maintain compliance. Our package contains a gap analysis to identify your current compliance posture, and penetration testing to demonstrate due diligence and reasonable security as required by Article 32 of the GDPR.

Our package includes:

General Data Protection Regulation (GDPR) Gap Analysis

Our gap analysis is an interview-driven process that comprehensively explores your current security policies, processes, and infrastructure against GDPR requirements. After evaluating the scope of your environment, and the privacy data that is stored, processed, or transmitted throughout your environment, Triaxiom will evaluate your organization’s compliance posture, identify any shortfalls, and provide tailored recommendations to boost your security posture and meet compliance requirements. Topics include:

  • Utilizing the Center for Internet Security (CIS) Critical Security Controls, Triaxiom will evaluate your organization’s ability to provide a “reasonable” level of security for any personal data storage and processing, per GDPR Article 32.
  • Evaluate your organization’s incident response process to ensure the ability to identify and contain ongoing attacks. Additionally, we will evaluate the organization’s data breach notification policy and procedures required in the event of an incident.
  • Review the collection, transportation, and destruction of data from EU citizens to ensure consent, right of access, right to rectification, right of erasure, right to restriction of processing, right of data portability, and right to object are met.
  • Audit the processes in place for ensuring third-party compliance with GDPR. This includes the evaluation of third-party compliance, outline of responsibilities to third parties, and breach notification requirements.

External Penetration Test

An external penetration test emulates an attacker trying to break into your network from the outside. The goal of the engineer performing this assessment is to breach the perimeter and prove they have internal network access. This test includes:

  • Open source reconnaissance against the organization
  • Full port scan covering all TCP ports and the top 1,000 UDP ports of the targets in scope
  • Full vulnerability scan of the targets
  • Manual and automated exploit attempts
  • Password attacks

Internal Penetration Test

An internal penetration test emulates an attacker on the inside of your network. This could be either an attacker who is successful in breaching the perimeter through another method or a malicious insider. The goal of the engineer in this module is to gain root and/or domain administrator-level access on the network, and gain access to sensitive files. Activities include:

  • Active and passive network reconnaissance including traffic sniffing, port scanning, LDAP enumeration, SMB enumeration, etc.
  • Vulnerability scan on all in-scope targets
  • Spoofing attacks such as ARP cache poisoning, LLMNR/NBNS spoofing, etc.
  • Manual and automated exploit attempts
  • Shared resource enumeration
  • Password attacks
  • Pivoting attacks

Vulnerability Scanning

Vulnerability scanning is a regular, automated process that identifies the potential points of compromise on a network. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. Our engineers will conduct this scan for you and use our expertise to remove false positives and produce a risk-prioritized report.

Why Triaxiom Security

We partner with you to give you the information you need to defend against today’s threats.