Worried about the upcoming CMMC requirement for DoD Contractors? We have extensive experience in finding and employing cost-efficient solutions that mitigate risk and comply with security control requirements. New firewalls don’t need to cost thousands of dollars. Open-source firewalls and open-source intrusion detection systems are a great fit for small and medium-sized businesses. These solutions cost hundreds of dollars instead of thousands. Collect and monitor IDS logs using an open-source SIEM like Elastic Stack and reduce your SIEM costs from around $65k per year to just the cost of operating the server. If the right solution isn’t available through open source, we will help your organization work through the analysis of available tools to determine the right fit.
We provide detailed audit and assessment plans prior to conducting any audit; this ensures that you know exactly what we intend to assess and how we will capture our audit data. But the detailed documentation doesn’t stop there: we provide detailed audit reports that include executive-level risk assessments as well as executive-level risk mitigation measures. Our detailed documentation will provide both the executive and the IT/Security admin with the right information to clearly understand what changes need to happen, along with recommendations for how to implement cost-efficient solutions.
Our staff has years of experience analyzing multi-million dollar Defense Department weapons systems, weather systems, and IT applications as well as software destined for the Intelligence Community. We understand what it means to maintain attention to detail and provide a rigorous risk assessment. We piloted a brand new risk management method within the USAF that led to fully understanding the real risks and stepping away from a compliance-based assessment. This achievement allowed a critical national security asset to prioritize and minimize risk in a thoughtful and meaningful manner. We developed a software risk assessment and reuse program within the DoD which was approved by the highest levels of the Information Security chain of command. This enabled a risk assessment for software to be used in deploying platform-independent applications to already developed and deployed systems. We’ve provided black-box penetration testing on servers that support commercial websites as well as Joint Special Operations Command servers. Our strong level of knowledge in real risk assessments will help you defend against auditors with a compliance paradigm and field systems quicker and cheaper.