Security Assessments

ISO 17799/27001 Security Assessments
An ISO 17799/27001 Security Assessment is designed to provide an overview of the state of organizational and technical security. This offering focuses on security (and overlapping privacy policies), procedures, physical access controls, technical access controls and internet/intranet controls. The assessment review provides management with an opinion of what areas the organization may need to focus resources on to reduce its current level of risk.

Visa CISP Security Assessment
PTS helps Visa merchants and service providers verify that they are in compliance with Visa's Cardholder Information Security Program (CISP). The program defines a standard of due care and enforcement for protecting cardholder information and is required for all merchants and service providers who handle, process and/or store Visa cardholder data. The program includes an active program to ensure annual validation of their security positions.

External/Internal Vulnerability Assessment
PTS completely automates the process of vulnerability assessment, start-to-finish, including professional executive level and technical detailed reports. Without PTS, a network-wide vulnerability assessment could take days or weeks to complete. PTS frees up your resources to focus on remediation and proactively solving problems. The PTS system integrates more than 50 unique network security auditing applications and over 3,000 vulnerability tests to provide extremely robust vulnerability assessment and network security managed services. PTS customers receive the power and perspective of multiple security tools, integrated into a single managed service, with no overhead for installation, maintenance, or updating.

SAS 70
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or service auditor's examination is widely recognized, because it represents that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes.
SAS 70 Type A Audit
SAS 70 Type B Audit

Computer Forensics
Electronic evidence acquisition, search, filter and consolidation of data, e-mails and files from virtually any type of media including hard drives, backup tapes, CD-ROM, floppy disks, Zip disks and dongles.
• Reduce risk of loss of original media as evidence can be processed onsite at your facility if desired
• Expert investigators skilled at acquiring and delivering evidence from hostile and friendly environments
• Experience with all e-mail and file types including deleted, encrypted and protected materials
• Follow industry best practices to maintain the "chain of custody" of evidence

HIPAA/HITECH Assessment
PTS designed the HIPAA/HITECH Security Assessment to provide an overview of the state of organizational and technical security as it relates to patient information and confidentiality. This engagement focuses on security (and overlapping privacy policies), procedures, physical access controls, technical access controls and internet/intranet controls. The assessment review provides management with an opinion of what areas the organization may need to focus resources on to comply with HIPAA Security regulations and reduce its current level of risk.

HIPAA Small Office
• Single Office
• Less than 25 IP Addresses
• 2+ Days on-site testing (including 3 hours of interviews)
• 3+ Days Data Correlation and Report Generation

Sarbanes-Oxley
Based on PTS's expertise in systems integration and business consulting, our professionals can assess your business and IT issues and help in the review, development and deployment of required processes to ensure Sarbanes-Oxley compliance. PTS can help you reduce the cost of compliance because we begin with a business-oriented risk assessment. By measuring risk in monetary terms before diagnosis and documentation, work priorities can be set to link compliance, risk minimization, and business planning.

Business Continuity/Disaster Recovery Planning
The Business Continuity Planning (BCP) QuickStart Implementation is designed to provide a two-week project jumpstart for business continuity planning in your organization. Our service offering was created to address the frustration a number of clients expressed in preparing a business continuity plan for their organizations. Many companies have realized that they have neither the time, nor the expertise to prepare a business continuity plan without expert guidance. Companies were left with the prospect of paying large consulting fees to have plans prepared for them. The BCP QuickStart Implementation™ was designed to provide companies with a "leg up" to create their own business continuity plan. PTS provides the project management, training, and tools for your organization to get started.

FISMA Assessment
PTS offers the following services to assist government agencies with compliance to FISMA information security standards:
• Implementation of plans to reduce the risk to the government's information assets.
• Development of an agency-wide efficient and measurable security program.
• Design and creation of managed service for tracking and reporting.
• Assistance with understanding evolving FISMA law and compliance requirements.
• Assistance with the creation of an annual report to OMB and Congress on compliance with FISMA requirements.
• The creation and maintenance of FISMA required inventory of major systems.

SEC 17a-4 Assessment
PTS provides the following services for Broker/Dealers with regard to meeting the compliance of SEC Regulation 17a-4:
♦ Identify & tailor email / instant messaging compliance solutions for your firm
♦ Provide Designated Third Party Download service as required by SEC 17a-4
♦ Implement hardware and software solutions to meet compliance regulations
♦ Implement policies and procedures with regard to the messaging compliance system
♦ Perform regularly scheduled system testing, analysis, and auditing
♦ End-to-end secure messaging review and recommendations
♦ Full system training and documentation
♦ Full support for system upgrades

ISO 27001/17799 Security Assessment SO
Best Practices Assessment for Small Office Qualifiers
• Assessment for ISO 27001/17799
• Single Office
• Less than 100 IP Addresses
* Prices do NOT include the costs of any tools or expenses necessary to complete a client's requirements.

Gramm-Leach-Bliley (GLBA)
PTS's GLBA Assessment service reviews the status of your organizational and technical security. This comprehensive review allows you to understand the implications of U.S. Federal regulations and how to make sure you're in compliance. Our expertise covers all the critical security components of GLBA.

Network Perimeter Scan
PTS will conduct a non-intrusive scan to remotely review internet-facing perimeter (IP) addresses for vulnerabilities as required by the 'PCI Security Scanning Procedures' on a quarterly basis.

Network Perimeter Scan - Monthly
Monthly Scan up to Class C - (Minimum 12 months) PTS will conduct non-intrusive scans to remotely review internet-facing perimeter (IP) addresses for vulnerabilities. Provide valuable reports on any changes to your outward facing network.

Network Perimeter Scan - Quarterly
Monthly Scan up to Class C - (Minimum 12 months) PTS will conduct non-intrusive scans to remotely review internet-facing perimeter (IP) addresses for vulnerabilities. Provide valuable reports on any changes to your outward facing network.

Visa CISP-PCI Security Assessment
Merchant credit card security. Helps Visa merchants and service providers verify that they are in compliance with Visa's Cardholder Information Security Program (CISP). The program defines a standard of due care and enforcement for protecting cardholder information and is required for all merchants and service providers who handle, process and/or store Visa cardholder data. The program includes an active program to ensure annual validation of their security positions.

Technical Security Controls Review
PTS™ will create a network diagram (if necessary) and analyze the architecture for data security vulnerabilities. We will also review administrative practices in relation to network devices and verify that actual practices adhere to administrative policies.
• Network Perimeter Security
• Data Transmission Privacy and Integrity
• Intrusion Detection and Prevention
• Identification and Authentication
• Systems Monitoring, Audit and Logging
• Operating System
• Up to 5 servers, 256 IPs, 500 nodes, 1 site
Assess and report findings with best practices.

Regulatory Assessment for Small Office
Regulatory Assessment for Small Office Qualifiers
• Assessment for GLBA, FTC Privacy and SB 1386 Regulations
• Single Office
• Less than 100 IP addresses

Network Penetration Test
PTS will conduct invasive testing of technical, physical, and administrative security systems that surround your critical information assets. Deliverables can include Red Teaming and invasive exploits run against the technical systems.

2003-2010 Server Security Hardening
Examines configurations, and tests all protocols for security vulnerabilities during migration or installation. Reports on best practices and remediates critical findings.

Exchange Migration Security Hardening
Effective protection of Exchange Server deployments requires hardening the key points of attack, as well as integrating antivirus technology with all the key virus entry points. Ensure secure configuration and administration.

IIS Security Hardening
Examines configurations, and tests all protocols for security vulnerabilities during migration or installation. Reports on best practices and remediates critical findings.

SQL Server Operations Assessment
Reviews: SQL Server Licensing; Change, Configuration, and Release Management; Security Administration; System Administration; Monitoring and Control; Capacity and Storage Management; Problem and Incident Management; Service Management. Recommends Best Practices and remediation for a secure installation.