
SERVICES

Here is a short summary of the services we provide to our clients. We would be happy to discuss the details of your specific security/compliance requirements with you.

External Penetration Testing

Using state-of-the-art tools, we perform network- and application-level external penetration testing. The results are mapped to respected standards like OWASP and other industry-recommended practices.

Vulnerability Scanning

Don't leave your network exposed to easily exploitable vulnerabilities. We can perform periodic scanning of your internal/external network segments, provide you with detailed reports of risk-rated vulnerabilities, and assist with remediation.

IT Security / Risk / IT Audit Assessments

Our consultants perform detailed risk assessments on various infrastructure platforms including Windows, Unix, Linux, and Amazon EC2, as well as various commercial and ERP applications. The assessment reports can be tailored to meet the expectations of executives or technical staff.

Compliance support

We provide compliance readiness support to meet various compliance requirements including SSAE 16 SOC 1, 2, 3, PCI (Level 1), ISO 27001, HIPAA HiTrust, NERC, NIST, FedRAMP, etc.

Secure Coding 

The majority of modern attacks occur at the application layer. However, developers are the least trained to protect against such attacks. We perform manual code review to check for software vulnerabilities like XSS, CSRF, and SQLi, and flag the offending code.

GRC (Archer)

A well-implemented GRC solution is the backbone of any robust compliance function. We can help you implement a GRC solution and operationalize elements of the risk and compliance management program.

SAP Security/GRC

It is critical that you define roles, authorizations and the high-level security architecture for your SAP environment. The SoD rule set must be reviewed against acceptable risk thresholds and cleaned up to remove SoD conflicts for Sarbanes-Oxley (SOX) compliance.

Firewall / DLP / SIEM Monitoring

Monitoring Data Loss Prevention tools and Security Incident Event Management tools requires painstaking manual labor and deep technical knowledge. Our experienced staff can correlate the incident logs and derive actionable plans.

Vendor Security

Vendor security is one of the most neglected aspects of your IT Security Program. The fact is that most organizations have already entrusted significant amounts of sensitive information to vendors, yet very little effort is spent performing due diligence on them or vetting them against corporate security standards.

Policy Development

Security policies and procedures are essential to set the tone at the top and drive security initiatives. Such policies are needed to show compliance with industry regulations and satisfy the internal and external auditors.

CMMI/ISO 9001/27001

- Basic Audit or Gap Analysis, Implementation and Certification
- CMMI Dev or Services especially for Level 3 organizations to move forward to Level 5
- Training, Implementation and Certification
- ISO 9001, ISO27001, ISO20000 - Training, Establishing Process Framework, Implementation, Auditing and Certification
- Training services on Quality Management, Quantitative Project Management, Process Performance Models etc.

CCIE Level Remote Support

CCIE-level remote support is typically very expensive. We can provide the same at preferential rates. Please let us know what type of network/security device you are looking for.

eDiscovery

We support the planning, analysis, preservation, collection, processing, tracking, and production requirements in response to regulatory requests and litigation through all phases of the e-discovery life cycle. We will coordinate with internal legal teams, outside counsel, IT support and vendors to ensure that the best use of technology and workflow processes are in place to accurately and efficiently preserve, collect, deliver, and track electronic information deemed to be discoverable. 
