Primary Scope:

CyBourn undertook a comprehensive cybersecurity assessment project at Imperial Valley College which consisted of the following components:

• Conducting an External Pentest involving a Black Box review of a Class C public IP range.
• Firewall Benchmarking, which included reviewing firewall configurations and rule sets according to CIS benchmarking standards.
• Executing an Incident Response Tabletop Exercise which entailed reviewing and commenting on the existing IRP, designing threat scenarios, conducting an onsite tabletop exercise, and compiling a detailed report.

Engagement:

• Conducted personnel interviews to meticulously evaluate the security settings of the information system.
• Coordinated closely with key personnel at Imperial Valley College to ensure an aligned approach and shared understanding of goals.
• Worked diligently to identify avenues for bolstering the security of the operating environment.

Key Issues and Challenges:

• Identifying potential risks and working closely with network and application owners to develop detailed testing scenarios and goals.
• Maintaining transparent and efficient communication throughout the project to ensure aligned objectives and expectations.
• Collaboratively establishing a clear and actionable project scope with Imperial Valley College.
• Creating a comprehensive report that encapsulates findings and recommended remedial actions.

Results:

• Developed a comprehensive report detailing the discovered issues, their severity, steps for reproduction, and potential remediation strategies.
• Adopted a proactive approach to identify critical findings swiftly, seeking authorization to exploit when necessary.
• Ensured diligent follow-up on critical findings, culminating in retesting to validate the effectiveness of the remediation steps implemented.
• Facilitated a closing meeting to present all findings and recommendations, fostering a dialogue to discuss future security strategies and paths forward.