An InfraGard Member submitted a question via secureindiana.org/contact:
I attended a presentation in 2017 and I remember the presenter mentioning that you all assist non-profits and small businesses with testing or security for low or no cost. We currently do not do penetration testing but it is listed as an annual requirement in a contract with an incentive program we want to particiapate in. My IT director stated that businesses our size dont normally do this and annually would be too costly. He estimated it will cost $25,000. Is this something your organization helps with? We are a Community Mental Health Center with limited resources. Any information is appreciated.
Response:
The DHS (Department of Homeland Security) has a program called NCATS (National Cybersecurity Assessment & Technical Services) which conduct Pen Testing at no charge! It’s not highly advertised but certainly available.
Here is a description:
NCATS leverages existing “best in breed” cybersecurity assessment methodologies, commercial best practices and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk management guidance and recommendations. NCATS provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks.
NCATS security services are available at no-cost to stakeholders
and can range from one day to two weeks depending on the security services required.
For more information, email: ncats_info@hq.dhs.gov.
Also, here is the link for the acceptance letter that would have to be filled out in order to authorize them to perform the testing: https://krebsonsecurity.com/wp-content/uploads/2015/11/Agency-Acceptance-Letter-CH-Service-SLTT_PS.pdf
Have a Question? We can help. Contact your Indiana InfraGard Chapter: https://www.secureindiana.org/contact