Success Stories

Satisfied customers could not be more important to our business. Measuring success within our accounts means a thorough retrospective look at the quality of our work, the accuracy of its scope, and the timely delivery of project deliverables. The following is a tribute to the many successes we enjoy to the benefit of our clients.

For a Mid-Market Healthcare firm, we provided our Virtual Security / Privacy Officer℠ service, in which we served as HIPAA Privacy Officer, ISO ISMS Audit Manager, and Compliance Officer to address and manage HIPAA privacy and security issues. Duties included establishing and managing privacy oversight committee (POC) meetings composed of senior management, HR, information security, legal, marketing, and other applicable staff to make decisions regarding privacy issues; actively monitoring the privacy rule, other state or federal privacy legislation, and applicable accreditation standards as an ongoing process recognizing the obligation for simultaneous adaptation and compliance; tracking the potential for more stringent state laws to supersede HIPAA and a state's right to apply for HIPAA exemption for existing or new state laws when there is conflict or uncertainty of relative stringency; producing and managing Security & Privacy Awareness training documentation for the customer and performing or overseeing such training; producing various Security Awareness reminders, updates, and notification materials (e.g., publications, flyers, etc.) to educate customer staff on a regular basis; reviewing or initiating business associate agreements according to the HIPAA mandate; ensuring ongoing compliance monitoring of all business associate and chain of trust partner agreements so that privacy issues are addressed and that business associates, subcontractors, and chain of trust partners are compliant with the privacy standards; establishing a mechanism to track access to protected health information and allow qualified individuals to review or receive a report on such activity; and establishing a process for handling privacy complaints that ensures the tracking of all complaints from point of receipt through resolution with communication to the initiator.

For a Fortune 500 Financial Services firm, we performed a security risk assessment of our client's third-party Help Desk operations to determine the inherent threats and vulnerabilities associated with logical and physical access. The assessment covered access to customer assets including workstations, servers, applications, networks, and datacenters; examination of existing security controls, compensating controls, and supporting policies and procedures; examination of existing management and monitoring solutions in place or available; and examination of past/baseline security findings data. Our risk assessment team identified several threats and risks not previously identified; provided a detailed Executive Summary report to benchmark findings for management; provided a thorough Technical report detailing all technical findings, risk levels, assigned controls, compensating controls, and residual risks and residual risk levels; and held a knowledge transfer session to convey the knowledge we gained within this effort to our customer, along with our detailed mitigation recommendations.

For a Large Municipality, we architected and installed a complete LAN, WAN, and server infrastructure encompassing 21 buildings over 35 square miles. Our solution included fiber installations between all government buildings, Cisco routers and switches, wireless 802.1x in special locations, Cisco PIX and ASA security appliances, IDS/IPS technologies, Web proxies, Microsoft Windows 2003 servers, 250+ desktops, and all associated cabinetry and UPS devices. Group Policy was used to push down security policies to all servers and desktops and EFS was used to protect highly confidential files and folders. Proxy servers, content filtering and AV were used to filter traffic, and managed services were provided to report health and security activity and provide device and application level management.

For a Fortune 500 Retailer, we architected an end-to-end e-commerce encryption solution to satisfy PCI requirements as defined by payment card merchants (Visa, MasterCard, American Express, Discover). Our solution provided for encryption of all payment-related data in transit and in storage, and provided for security during processing from Point of Sale terminals through various mid-tier systems responsible for processing to the backend Mainframe.

For a Local Law Enforcement organization, we conducted a thorough forensics investigation cataloging the activities of over 600 users to determine the perpetrators. Detailed findings, including intent and damages, were documented in over 40 books of findings prepared and delivered to law enforcement officials who included a Sheriff's department, the FBI and Secret Service.

For a Fortune 500 Bank, our trained consultants worked within a group to ensure Sarbanes-Oxley compliance throughout the IT department. Business processes within IT were uncovered, mapped to COBIT control objectives, and investigative efforts were conducted to ascertain whether applicable controls and policy were being followed. Areas requiring attention were given special focus and effort. Our documentation provided the customer with a clear understanding of their business as it relates to compliance objectives within Sarbanes-Oxley.

For a Fortune 100 Insurance firm, we designed and built an enterprise and extranet 3-tier Microsoft Windows 2003 Certificate Services solution. The solution provided EFS protection to desktops, laptops, and select servers with full Key and Data Recovery; domain authentication; secure directory access via LDAPS; and secure email. User population was 35K+ and consisted of internal, external, and affiliates.

For a Fortune 200 Institutional Investment firm, we conducted a forensic analysis of a recent security breach, identified areas for improvement, and detailed our findings which included remediation steps for improved platform security, perimeter security, and remote access security.

For a Fortune 100 Retail Pharmacy, we served as project manager within a three-year project to address and resolve existing HIPAA related security issues for the firm. Guiding the efforts of a medium-sized team of managers and technical staff, we addressed gaps in security policy and procedures by following our well detailed roadmap to HIPAA security awareness, training, and remediation.

For a 100 Pharmaceutical firm, we designed a remote branch office security solution for over 4,000 locations that could be centrally managed from corporate headquarters.  The solution enabled headquarters-based security staff to securely manage remote security policies, remote security events, and client access at each location.  As part of this solution, we also were responsible for the architecture of a scalable IP numbering scheme for each remote branch office and the corporate WAN employing NAT.

For a Fortune 150 Insurance Provider, we conducted a thorough application security assessment of their high-profile online e-business solution. Our consultants carefully reviewed Web application code, application and network architecture, and the process of monitoring and managing this customer-facing solution. Based upon our detailed findings and expert recommendations, the company was able to stave off numerous security threats before they had a chance to be exploited. In addition, we performed follow-up security scans to validate the success of electronic and logical fixes.

For a Global 2000 Management Consulting and Research firm, we drafted a complete suite of Information Security Policies & Procedures to guide this global company and its vast worldwide employee base through the acceptance and implementation of much needed security standards.  First, we met with key members of management and technical staff to ascertain the needs and plot the direction and scope of the needed policies and procedures.  Next, we drafted a complete roadmap that could be used to develop and implement these security standards worldwide.  By leveraging our expertise in this area, our customer was able to get a firm grasp upon the very security standards that would guide the company's technology initiatives and daily operations.

For a Fortune 100 Pharmaceutical firm, we drafted a complete suite of information security standards that would guide the company through its daily operations, and project-managed corporate-wide security gap reduction and security enhancement initiatives. After assessing the security of internal systems, external systems, analog systems, and egress management within this large nationwide firm, our consultants identified key areas of concern, mapping and measuring business requirements with applicable security vulnerabilities, and formulated a complete project plan that categorized and prioritized key risks associated with the business. Next, working with our client, we systematically mitigated security risks throughout the organization and helped institute corporate-wide egress security management practices that would help prevent their recurrence.

For a Fortune 100 Retailer, we architected a secure nationwide 4,000+ site 802.11b wireless local area network capable of centralized wireless access point and client-side management, event management and alerting, and daily operations management to include remote firmware upgrades, security policies, and key rotations.  Our solution enabled this nationwide retailer to save millions of dollars annually in provisioning, cabling, and establishment of new facilities. Our solution also enabled this large retailer to take advantage of numerous wireless technologies that enhance both employee and customer focused usage which otherwise would have been out of reach.

For a Fortune 100 Bank, we worked with key security staff and management to ensure the secure redesign of their customer and business partnership online banking solutions.  By implementing the most appropriate technologies which included firewalls, network based intrusion detection, host-based intrusion detection, secure application architecture and Web access controls and virtual private network solutions, our security expertise was leveraged to guide these critical business applications to formal release.