Governance and Compliance Services


Corporate Information Security Program Development

Our Corporate Information Security Program services help businesses identify their security goals and develop a strategic plan for a corporate-wide security program. The program includes development of program descriptions, charter establishment, policies and the assistance needed to get a strong security program off the ground.

Computer Security Incident Response

Our Computer Security Incident Response Plan (CSIRP) Development service can either assist your existing security team or allow you to leverage our team of experts when in need. We can reliably detect and respond to security incidents.

Mobile Security Strategy & Roadmap

Plan for your large mobile deployment from beginning to end through our comprehensive evaluation of your usage, the risks you may encounter and the controls you need. Define high-level policies for controlling and monitoring risk associated with mobile devices and applications. Establish a governance framework for data compliance that encompasses mobile platforms. Integrate mobile security considerations into your overall security program.

Security Awareness Program

The Security Awareness Program Development service helps you design impactful training programs based on best practices and the expert advice of consultants who innately understand information security, the sophistication and tradecraft of the actors you face, and the importance your employees play in protecting your organization.

HIPAA Annual Audit Gap Analysis

Dramatic changes are taking place to secure Protected Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) Security Rule has been in effect since 2003. Our HIPAA specialists will perform the following tasks in order to evaluate your HIPAA compliance and provide support towards remediation of any deficiencies:

  • Provide a baseline of your organization’s people, processes, and technology with respect to securing patient data.

  • Produce a gap analysis between the baseline and the HIPAA requirements.

  • Create a remediation plan, with priorities based on the risk score, which provides the ‘roadmap’ to close the gaps identified and move your organization into compliance with HIPAA.

  • In consultation with your project manager, establish a work management plan that assigns and tracks the action items that must be completed to implement the controls required by HIPAA.

Security, Privacy and Compliance Vendor Relationship Risk Assessment

A Vendor Relationship risk analysis is one of the key steps in ensuring the compliance of a third-party software provider or contractor. In the unfortunate case of a breach by a vendor or third-party contractor, the only protection a business has is the due diligence it exercised to verify the privacy and compliance requirements of that third party. Our 53-question risk assessment, conducted with your vendor and their technical staff, will provide all of the protection required for your relationship. Any gaps found in the risk assessment are documented, and contract language is added to protect you and your patients.

Sensitive Data Discovery Scan

A sensitive data scan will locate social security numbers, credit card numbers, driver's license numbers and any other defined data within your storage, whether hidden in an Excel spreadsheet on a desktop or on your servers. The PCI DSS requirements apply to all components of the network containing cardholder data. The Gramm-Leach-Bliley Act requires that the entity know where all sensitive data is transmitted and stored. HIPAA and HITECH also hold requirements for sensitive patient records. Therefore, it is important to scan all of the networks to search for cardholder data that may be stored on desktops or back-end accounting systems. A 'Sensitive Data Scan' will find this highly sensitive data so that actions can be taken to contain and secure it. We can include the scan in our proposals, or you can provide evidence that the cardholder data is contained as described.
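To illustrate what a discovery scan of this kind actually does, here is an added example (not the service's own tooling) that scans a set of constructed sample files for card numbers and social security numbers. It uses the Luhn mod-10 check on candidate card numbers and the SSA's never-issued ranges on candidate SSNs to cut down false positives, and it reports only masked values so the scan output itself does not become another copy of the sensitive data. The file paths and every number in it are made up for the demonstration.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample "files" (path -> contents); all values are made up.
SAMPLE_FILES: Dict[str, str] = {
    "desktop/expenses.csv": (
        "name,card\n"
        "Alice,4111 1111 1111 1111\n"      # Luhn-valid test PAN
        "Bob,4111-1111-1111-1112\n"        # looks like a PAN but fails Luhn
    ),
    "servers/hr/employees.txt": (
        "Carol SSN 219-09-9999\n"
        "Dave SSN 123-45-6789\n"
        "Placeholder 000-00-0000\n"        # never-issued SSN, should be ignored
    ),
    "servers/app/app.log": "order 9876543210 status ok\n",  # too short for a PAN
}

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13 to 19 digits, optionally separated by single spaces or dashes
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


class Finding(NamedTuple):
    path: str
    kind: str      # "pan" or "ssn"
    masked: str    # only the last four digits are kept


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSNs the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def mask(digits: str) -> str:
    """Keep only the last four digits so findings can be shared safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(Finding(path, "pan", mask(digits)))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(Finding(path, "ssn", mask("".join(m.groups()))))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan every file and return masked findings in file order."""
    results: List[Finding] = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}: {f.kind} {f.masked}")
```

Against the constructed sample, the scan reports one card number on the desktop spreadsheet (the Luhn-failing one is dropped) and two SSNs in the HR file, while the placeholder SSN and the ten-digit order number produce nothing. A real scan would walk the file system and parse spreadsheet and document formats rather than reading plain strings, but the validation and masking steps are the same.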

Cloud Security Assessments

Cloud Penetration Testing is performed under the strict guidelines set by cloud service providers such as AWS, Azure, and GCP. These assessments often use a white-box approach, which enables the most in-depth testing and provides insight into detailed configuration settings and authorizations. Assessments can include, but are not limited to:

  • Virtual Machines
  • Buckets
  • Microservices
  • In-memory data stores
  • File repositories
  • Serverless functions
  • Infrastructure-as-Code
  • Docker & Kubernetes mesh containers

How can we help?

We're eager to help secure your network. Contact us to learn more about how we can help.