CASE STUDY: THERAPEUTICS

Secure Data Collaboration, Microsoft 365 Security Return to list of Case Studies
Comprehensive security audit and penetration testing to prove cybersecurity readiness for therapeutic company
The Executive leadership team of a therapeutics company were concerned about news of cyber attacks and data breaches, and wanted confirmation that their IT systems were secure against attacks. Infracore performed a comprehensive security audit, including configuration analysis, comprehensive vulnerability scanning and penetration testing, and documented all findings in a graded report.

Business Needs and Challenges:

There were numerous challenges associated with this client:

Perform vulnerability scanning of company's internal and public-facing IT assets, as well as penetration testing and ethical hacking. Grade and report on cybersecurity readiness.

Solution:

Infracore deployed its comprehensive cybersecurity audit process. The audit performed a deep analysis of the client’s security posture, including:

  • Perform a “deep dive” configuration audit of the client’s Microsoft 365 environment

  • Perform a configuration audit of network devices, including firewalls and switches

  • Review policies and procedures pertaining to:
    • IT software and hardware inventory
    • Account creation and termination
    • Security permission granting and revocation
    • Software and system patching
    • Data backup and recovery
    • Vulnerability management
    • Endpoint malware detection and management
    • Password and multi-factor authentication
    • Acceptable use of IT systems

  • Audit permissions on the client’s file shares and Teams sites against business needs

  • Audit Active Directory

  • Perform a vulnerability scan and analysis on all client network subnets

  • Review physical security for sensitive data and systems

  • Penetration testing of the client’s externally accessible systems

  • Review the client’s cybersecurity training program


    • Infracore compiled a comprehensive report using the results of the configuration audits, the vulnerability scan, the penetration test results, and the auditor’s observations of the establishment of (and adherence to) IT policies and procedures.

    The report provided the client with a list of observed risks, as well as a grounded assessment of the likelihood and impact of materialized issues. An overall letter-grade (A through F) was assigned, based on how easily their information systems could be compromised based on the observed vulnerabilities. More than 20 recommendations to help improve the client’s security posture were included, along with the estimated effort level, impact to existing operations, and costs.

    End Results:

    Armed with this information, the client’s executive team was able to easily understand the strengths and weaknesses in their IT security posture, and were able to make informed decisions about where, when, and how best to remediate risks.



     

     

     

     

    Links to other Case Studies:
    Life Sciences
    Medical Devices
    Biotech
    Pharmaceutical
    Software
    Property Management