NetSPI has established itself as a trusted provider of cyber security and compliance program consulting to the Power & Energy industry. Our clients count on us for in-depth technical assessment, network architecture design and review, system hardening, and independent program gap analysis.
NetSPI focuses on mitigating risk to your business and customers, and on helping you create and maintain a compliant, secure environment. We bring to this critical work a combination of technical excellence, proven processes, and personal integrity to ensure project success and value. NetSPI delivers that value through advisory, assessment, and audit services that can reduce risk while helping you meet a range of compliance requirements.
Corporate Security & Compliance
Advisory Services
Strategic Security Services.
Not every security need fits neatly into a predefined project. That's why NetSPI offers client-driven Strategic Security Services. NetSPI will help define and deliver projects that leverage interdependencies and benefits from security and compliance context mapping, based on a thorough understanding of your business and technical requirements.
Risk Analysis and Threat Modeling.
NetSPI examines your infrastructure and operations to understand all the risk factors that you face. In addition, we can help protect confidential data in relationships with third-party service providers, partners, and data programs. We also perform application threat modeling to define the attacks that could be made against a software application.
Assessment Services
Application Security.
NetSPI helps you minimize risk within applications through multi-layer application code reviews, database configuration reviews, and reviews of both thick clients and web applications.
Network/Infrastructure Security.
In performing a Network Vulnerability Assessment, we look for all the commonly known vulnerabilities as well as newly discovered ones. Where appropriate, we use multiple market-leading software tools, combined with expert manual testing by our consultants to verify the findings and eliminate false positives. We apply the same thoroughness to quarterly ASV Scans that are part of the PCI compliance process.
Penetration Testing.
NetSPI's internal and external penetration testing can leverage a variety of techniques, including network-based, phone-based, and physical social engineering as well as web-based phishing. We also can assess the security of your wireless implementation and recommend measures to mitigate identified risks.
Audit Services
PCI Consulting and Audit. For energy firms that are subject to PCI regulations, NetSPI offers a complete set of PCI pre- and post-audit services. And for firms that develop and sell applications that touch credit or debit card data, we provide expert PCI PA-DSS services.
Plant/Generation Security & Compliance
Advisory Services
Cyber Security/Compliance Program Development.
NetSPI can help develop or enhance the effectiveness of your cyber security and compliance management programs. Our experience and success with clients in heavily regulated industries where rigorous, controls-based standards exist delivers efficient solutions and high value.
Assessment Services
Technical Controls Assessment.
NetSPI has extensive capabilities in the technical assessment of security controls based on risk and compliance requirements, including secure network design, system configuration & hardening, vulnerability assessment, and penetration testing.
Cyber Security Program Assessment.
NetSPI provides qualified assistance to identify and minimize risk within critical systems, networks, and applications. Our Compliance Gap Analysis Methodology assists in assessing program effectiveness against security best practices and regulatory standards, including NRC/NEI and NERC.
Plant Control/Critical Systems Review.
NetSPI can provide expert assessment and guidance for critical system/asset considerations like obsolescence, placement, and required security control solutions. We provide assistance guided by security best practices and mapped to regulatory compliance.
