Security & Privacy

 

Assessments

 

We offer a variety of customized assessments to address a variety of client requirements including

  • Offensive and defensive security assessment
    (Red Team / Blue Team)

  • Technology and Operations feasibility assessments

  • Privacy Assessments – GDPR, HIPAA, GLBA, FERPA, and others

  • Industrial and process control systems assessment

  • Assessment of critical infrastructure

 

Security Programs

The Security Program in most organizations is flawed. Often Information Security and Physical Security are separated, report to different management chains and operate with different policies, priorities and focus.

Security, whether physical or information, is treated as a cost center and is usually an early target for budget reduction during periods of tight economy.

Within Security, the transition from Security Policy, to Security Program, to Security Operations is often inconsistent.  Typically, architectural features are specified as policy, unenforceable requirements are presented as mandate, and the policy is not well communicated to or understood by the lines of business, operations and development organizations that are tasked with its implementation.

Surprisingly few organizations have a formal Incident Response Plan, so response to an attack or situation often becomes a confused exercise of seemingly random acts.