What We Do

Our business is to help organizations become secure and compliant with a variety of technology security services. We work with many different types of organizations in various regulated industries such as community banking, data centers, and law firms. We break down our services into compliance-related services and security-related services; see more details below:

Compliance Services

Security Services

Our Process


The vision for any of our services is to be able to provide the ‘ultimate proactive compliance experience’. So we’ve built a multi-faceted process to support you feeling great about your compliance environment. Our process consists of four major areas:

  • Our Process – This is our ContinuousCompliance methodology, which moves from a single point-in-time review to a risk-based, proactive continuous schedule so that your risks stay low year round and compliance becomes a deeper part of your culture.
  • Our Risk Operations Center – Also known as the ROC, this is where the wizards behind the curtain ensure a quality experience, providing you ongoing schedules, updates, and reports when and how you need them. This team of experts is here to ensure that you’re organized, proactive, and happy.
  • Our Field Consultants – Our field consultants are our subject matter experts, showing up onsite to review the areas that are next on the schedule and providing you additional updates and help throughout the year.
  • Our Toolkit – We leverage a suite of tools that is right for the work at hand. We have tools for project management, risk assessments, and reporting, as well as all the tools required for our penetration testing.

Managing compliance is inherently costly, complicated, and overwhelming so we have put together a process that ensures that your experience is nothing but the ultimate proactive compliance experience.

Our Toolkit

Auditor

Our Auditor product is used to help streamline the compliance management process. It has the ability to provide risk assessments, audits, recommendations, and reporting. We have incorporated a wide range of community banking templates in it as well to allow you to utilize it for all banking compliance needs.


Other features include:

  • Enterprise Dashboard
  • Template System
  • Simple Project Management
  • Dynamic Reporting

Project Manager

Project Manager is what we use to interact with all our clients. It facilitates the planning, communication, and ongoing follow-up that is required to make our customers successful. This tool has a ton of great features that make it an intuitive project management experience, such as milestones, task management, and even mobile access.


Other features include:

  • Messaging
  • Custom User Permissions
  • Calendars & Subscriptions
  • Mobile Access
  • Task and Subtasks

Blog

The Heartbleed Bug (SSL/TLS)


By now you might have heard of the Heartbleed bug (CVE-2014-0160). The bug is a vulnerability in the popular OpenSSL cryptographic software library, and it affects any sites and services running specific versions of OpenSSL (the 1.0.1 and 1.0.2-beta releases are affected, including 1.0.1f and 1.0.2-beta1). The bug received its name from an SSL function called heartbeat, which sends out a pulse to check the connection status. The bug allows spoofing of this “heartbeat” function and potential access to the server; it was a programming mistake in the OpenSSL library that provides cryptographic services. A fix is available now, and affected systems should upgrade to OpenSSL 1.0.1g. Systems unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. For now, you should treat every website you have visited as being insecure. We recommend that you generate new passwords for your most critical websites after the vendors have updated their servers. Also, develop a plan on how to respond to your customers.

Here is a list of major services affected including whether or not you need to change your password with them:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
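As an added example (not part of the original post or of the company's toolkit), here is a Python triage helper that classifies the output of `openssl version -a` against the affected ranges the post gives. The host names and banners are constructed sample data, and the helper assumes that a build recompiled with -DOPENSSL_NO_HEARTBEATS shows that define on the compiler line of the output.

```python
import re

# Version ranges from the post: 1.0.1 through 1.0.1f and the 1.0.2-beta
# releases are affected; 1.0.1g carries the fix (assumption: later 1.0.1
# letters keep it). Other branches such as 1.0.0 and 0.9.8 are unaffected.
VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?", re.IGNORECASE
)


def heartbleed_status(version_output: str) -> str:
    """Classify `openssl version -a` output as 'vulnerable', 'mitigated',
    'patched', 'not_affected' or 'unknown'."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    letter, beta = m.group(4), m.group(5)
    # An empty letter sorts below "g", so plain "1.0.1" is correctly affected.
    affected = (branch == (1, 0, 1) and letter < "g") or (
        branch == (1, 0, 2) and beta is not None
    )
    if not affected:
        return "patched" if branch == (1, 0, 1) else "not_affected"
    # Assumption: a build done with -DOPENSSL_NO_HEARTBEATS prints that
    # define on the "compiler:" line, which marks the workaround as applied.
    if "OPENSSL_NO_HEARTBEATS" in version_output:
        return "mitigated"
    return "vulnerable"


# Constructed sample inventory: one `openssl version -a` capture per host.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e 11 Feb 2013\ncompiler: gcc -O2 -DOPENSSL_THREADS",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -O2",
    "vpn-01": "OpenSSL 1.0.2-beta1 24 Feb 2014\ncompiler: gcc -O2",
    "mail-01": "OpenSSL 1.0.1f 6 Jan 2014\ncompiler: gcc -O2 -DOPENSSL_NO_HEARTBEATS",
    "legacy-01": "OpenSSL 0.9.8y 5 Feb 2013\ncompiler: gcc -O2",
}


def triage(inventory: dict) -> dict:
    """Map each host to its status; 'vulnerable' hosts need the 1.0.1g upgrade."""
    return {host: heartbleed_status(out) for host, out in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {status}")
```

A version string alone cannot see vendor-backported fixes (a distribution may patch 1.0.1e in place and keep the old number), so treat a 'vulnerable' result as a prompt to confirm against the vendor's advisory rather than as proof.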

Information Security Lifecycle


It is important to realize that Information Security is a process… not a project. I say this because some folks can feel defensive when we present our consulting recommendations. As is often the case with conflict, I think this is attributable to miscommunication.

Information Security follows a lifecycle similar to other business processes. This lifecycle will differ based on the process framework you are working with, but in general it should follow something similar to CobiT’s model:

  • Plan and Organize
  • Acquire and/or Implement
  • Deliver and Support
  • Monitor and Evaluate

We provide services in all of these phases, but it seems that findings in the “monitor and evaluate” phase are of the variety that most often leads to a defensive posture. However, these “findings” or “recommendations” are a normal part of the lifecycle. Without this step the cycle is incomplete, and your architecture cannot provide the assurance it is hopefully designed to provide.

With this step, we can be assured that the lifecycle is working as it should and that it is continually improving. Each recommendation is an opportunity to revisit the planning and organizing process. This helps ensure that we are leveraging information security to achieve the assurance an organization needs to serve its larger purpose(s).

In my opinion, it is the absence of “recommendations” or “findings” that should be most concerning as it may reflect complacency in your organization or your vendor… or both. Your Information Security Lifecycle cannot improve without them.

Contact

Send Us an Email
