Full Independent Security Assessment and Auditing services.
- Crimson will assess the organization against all relevant regulatory and compliance-related guidelines such as NIST 800-53, SOX, GLBA, PCI, HIPAA, ISO 17799, etc. and present an assessment report validating the organization's compliance with multiple statutes. Crimson can also conduct audits against the company’s internal policies for compliance as well as effectiveness.
Security architecture/infrastructure design, planning
- Crimson will engage with the client to design a secure “Process enabling Information infrastructure”. Crimson will also identify all critical business areas and create appropriate security architectures to protect them. Crimson will also lay out a plan for implementing all architected solutions.
Security Solutions procurement, implementation and management
- Crimson will manage the entire procurement, implementation and management of security solutions as a comprehensive solution offering.
Security Risk Identification and Management
- Crimson will conduct a complete and comprehensive Risk Analysis to discover all potential security risks. Discovered items will be ranked and detailed descriptions given on possible threat vectors, vulnerable points and potential severity of disruption.
Compliance specific Gap Analysis and Remediation planning
- Crimson will help your organization analyze its gaps based on one or multiple compliance requirements the company must meet (e.g. GLBA, HIPAA, PCI, etc.). Crimson will spearhead a joint remediation solution and implementation plan, which will make the organization compliant in the shortest time and most efficient manner.
Penetration testing
- Crimson will conduct full-scale penetration testing against clients’ information systems infrastructure. Crimson prefers to conduct “full knowledge” Pen-tests, and will give a comprehensive report on all areas of potential data leaks or full breach.
Vulnerability scanning
- Crimson will conduct Internal and External automated scanning using multiple tools, testing for the same vulnerabilities different ways and providing manual verification of positive results.
Vendor Security Management.
- Crimson provides comprehensive vendor security compliance and maintenance for companies who need a simple way to assess and manage security issue remediation of their vendors and partners.
Information Security GAP Analysis:
- High-level review of the company's security practices and evaluation against general security “Best Practices”.
Security Solutions Guidance/Research and Implementation Help:
- For companies who know what they have to do but do not have the expertise or time to decide on what’s the best security solution, Crimson will research and recommend the best solution for the company based on Cost/Benefit analysis, as well as proper fit for company culture and need.
Incident Response creation/planning and investigation.
- Crimson will provide planning help and implementation guidance in creating company-appropriate IR plans, including training and testing of plans. Crimson will also provide resources in the event of a serious incident to help in containment, recovery and investigation operations.