Our Consulting Services
- Vulnerability Assessment
- Data Loss and Endpoint
- Application Security
- Website Vulnerability Assessment
- Data Encryption
- Hosted Disk Encryption
- Messaging Security
- Application Security
- Web Security
- Endpoint Security
- DLP Security
- 2-Factor Authentication
Many organizations face requirements from internal and external auditors, business partners or regulatory bodies. The security team is required to help provide an analysis of the environment but may not have the breadth of experience to cover all areas of security. Outside assistance is needed to address audit and compliance requirements.
An information security audit is an in-depth appraisal of the organization’s adherence to existing policies and industry best practices, and an identification of areas of weakness that need to be addressed to meet business needs or regulatory and compliance requirements. We will assess the existing weaknesses and develop countermeasures in three areas: people, process and technology.
We can analyze your compliance measures against SOX, HIPAA and PCI requirements. We can determine cost-effective software, procedures and process compliance measures to adhere to regulatory standards. Through our gap analysis approach, we design a remediation process and identify mitigating controls.
The audit can be broken down into the following areas:
- External – Analyzing the security of the organization’s perimeter from an external perspective.
- Internal – Analyzing the security of the desktops, laptops, servers and storage as well as the existing security processes and procedures from an internal perspective. Areas that can be reviewed include but are not limited to security over intellectual property, vendors, legal and compliance issues, disaster recovery, business continuity, data storage, etc.
- People and Process – Assess vulnerabilities associated with how employees conduct themselves, including contractors, visitors and unauthorized insiders. Review business processes for inherent weaknesses according to industry best practices.
- Physical – Assess the physical controls around information assets for potential vulnerabilities including:
  - Deliberate acts of destruction
  - Loss of services
  - Equipment and system failure
  - Serious information security incidents
  - Personnel (hiring, firing, transferring/moving) and safety
  - Building and property access, monitoring and recording
How the Process Works
We will be onsite to interview relevant staff, conduct automated testing and review all pertinent documentation. Current practices will be compared to industry best practices and any regulatory requirements that the company must follow. A summary and detailed report will be provided identifying all findings, along with detailed solutions both to fix the current problem and to change business processes as necessary to prevent the problems from recurring. You may choose to have us do a retest using only automated techniques after you have completed the recommended fixes. This will be at a discounted rate.
We provide a programmatic approach for evaluating technical, administrative and management security controls across your environment. The penetration test is a necessary tactical approach to securing all the “low-hanging” risk in your infrastructure. We will conduct tests against your Internet perimeter and internal systems using real-world attack techniques, both automated and manual.
Our security professionals regularly perform automated and manual penetration tests, using proven techniques, methodologies and tools to detect undesirable risk conditions. External points of attack include Internet routers, firewalls, DNS, the web application, and database servers as well as undocumented hosts that may provide a foothold or deeper pathway into a company’s infrastructure from the web application systems. Attack and Penetration services constitute a highly evolved and structured approach to examining the security functionality of systems. All of our analysis processes are designed to be non-disruptive to the organization in most cases, providing valuable insights into a company’s overall security posture.
An experienced and highly certified Aurora® engineer will deploy security solutions and do knowledge transfer. We will train the customer’s IT staff on best practices, deployment methodologies, policies and integration with existing technology. This includes upgrades and updates. The Aurora engineers can train on solutions offered by PGP, McAfee, Aladdin, Lumension Security and SecurePATH. Training can also be expanded to end users and executives, covering how to use the solutions deployed. Custom documentation may also be created and delivered depending on the project scope and requirements.