Information Assurance Audits

We provide a wide range of information security audits. The standards we audit against include, but are not limited to, the following:

  • NIST 800-53
  • Security provisions of the Sarbanes-Oxley legislation
  • GLBA compliance
  • HIPAA compliance
  • BITS Matrix standard
  • Privacy related security compliance for CA SB1386 and similar legislation in other states
  • ISO 17799
  • PCI Data Security Standard (we are certified QSDPs)
  • SAS70 Type II
  • COBRA standard

This offering includes the Solution Architecture, Design, Implementation and Management services detailed below as necessary.

Solution Architecture, Design, Implementation and Management:

Our security solutions management offering allows us to provide strategic and practical guidance to companies working towards compliance with any regulatory, contractual or legal requirements. Our services in this area include security policy set creation, review and analysis, rollout guidance and monitoring, security architecture/infrastructure design and planning, remediation planning, implementation of security solutions, and a range of other consulting services that enable easy, practical and secure compliance. We also offer a Security Lifecycle Management Program that ensures multiple compliance requirements are met at the same time and allows for management, tracking and auditing of all remediation actions. This program also keeps the compliance reports up to date at all times and provides a view of the company’s compliance as of the day accessed. Please see SLCMP for further details.

Risk Management:

We offer a complete Risk Management Program that begins with an established risk methodology based on the ISO 27001 standard, but also takes into account business process and financial risk. We help create a complete Information Security Management System and help manage a process to maintain and update the system. Our Risk Management Program also includes the use of the Security Lifecycle Management Program. This offering also includes a Risk Treatment Plan that is created together with the client.

The Security Life Cycle Management Program

Crimson Security presents the first complete information security cross-compliance and third-party security management process.

Compliance requirements in information security are a major concern for financial institutions today. With a proliferation of requirements, multiple audit obligations and various standards, keeping current is a formidable task. Crimson's Security Life Cycle Management Process is designed to simplify, centralize and automate these management and compliance challenges.

  • The Security Life Cycle Management Program allows companies to achieve several aims in a single process. As the first such solution, the SLCMP combines a powerful management system with a practical and rigorous process to ensure compliance and a robust security posture both internally and for third parties conducting business with the organization.
  • The SLCMP management system is also available for implementation and internal use. This is attractive to large institutions that have several sources of assessment reports (both internal and external) and need to manage the compliance of a large number of vendors. This is especially aimed at enabling and empowering compliance and security staff that have to verify and maintain vendor security compliance.
  • The SLCMP system is designed to be flexible and can be customized to accommodate any standard or methodology used for compliance and security assessments, if different from the predefined standards already available in the system. The system can also accommodate multiple levels of assessment (for example, a self-assessment, an onsite assessment, etc.).
  • All information security compliance, remediation, maintenance and management processes are combined into a single process enabled by a powerful management system.