| Our Information Security Group provides Risk Management Consulting services for global Fortune 500 enterprises as well as mid-size corporations. Our services are outlined briefly in this document to convey our capabilities in a general overview fashion. To better understand your needs and how we can accommodate those needs, we recommend a meeting to gauge how our services are aligned with your critical needs. |
| |
| Regulatory Compliance Consulting |
|
| Our Regulatory Compliance Experts are very knowledgeable in international as well as domestic governing laws such as Sarbanes-Oxley, GLBA, etc. as well as prevailing standards such as ISO-17799 and information assurance models such as COSO, COBIT, ITIL, etc. Through our methodology and years of compliance experience we bring the “best blend” of standards and information assurance models to bear on your regulatory compliance issues. |
|
|
| Healthcare Compliance Consulting |
|
| Our HIPAA Readiness Assessment framework is based on the Principal Lead Model. In the Principal Lead Model, it is the experienced personnel who do the work. Information Security Principals, each with 10 or more years of audit and security experience, lead and perform the entire engagement. The HIPAA Compliance Readiness Assessment framework provides the process to evaluate the current state of readiness for each of the HIPAA compliance standards. |
|
| |
|
|
| Data and Network Security Engineering |
|
| There are three parts to the model, namely people, process and technology. First we look at who has access, who monitors system activity, who's doing administrative functions, and who has authorization to view, edit and change data and grant access. Then we look at the processes, such as what logs are being kept and when reviews take place. This phase requires an in-depth look at your policies and procedures, including how Human Resources personnel hire, train and review your staff. Only after these two key facets of your business are analyzed can the technology portion of the recommended solutions be determined. This three-pronged approach allows customized solutions to make sure that security measures are part of your company's overall process - not just a reaction to a breach. |
|
|
| |
|
|
