Over the years, SystemExperts™ has developed a broad set of standard IT security services. From time to time, however, a client needs something different, and we customize a project specifically to meet its requirements. The section below gives thumbnail descriptions of a representative sample of these custom projects. If you do not see an example of the type of project you are interested in, please contact us about your custom security project; this list is only the tip of the iceberg.
For convenience, the projects are organized into the following categories:
SystemExperts performed an ISO 27002 Compliance Program for the financial management firm that manages the endowment of a leading university. Upon completion of the engagement, the CIO noted that the project confirmed what they had been doing well, identified what they were doing wrong, and, most importantly, helped them understand what they had not been doing at all.
Many Software as a Service (SaaS) providers and Application Service Providers (ASPs) constantly have to explain their security program to prospective customers, often by completing detailed and time-consuming security questionnaires. SystemExperts performed an ISO 27002 Compliance Program for a leading outsourced employee compensation, performance, and benefits administration firm. The firm was able to turn its high degree of operational security and ISO compliance into a competitive advantage, issuing a press release touting its success and simplifying its sales cycle over the long term.
For a company that provides multivariate testing, web site optimization, and a variety of other web-based services to its customers, SystemExperts performed a PCI Compliance Program that included the required annual on-site compliance review.
For a company that creates customized Software as a Service (SaaS) for financial institutions and government entities, with particular expertise in web hosting and customer support for tax collection and billing software, SystemExperts performed a PCI Gap Analysis. The purpose of the engagement was to help the organization understand what it would need to address before it would be in a position to pass a formal PCI DSS audit.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires covered entities to comply with both the HIPAA Privacy Rule and the HIPAA Security Rule. SystemExperts worked with an online medical records management firm to assess whether its operational policies, procedures, and practices were sufficient to protect the confidentiality, integrity, and availability of the Electronic Protected Health Information (EPHI) under its control.
Most organizations find that they have a substantial amount of work to do to comply with the Massachusetts identity theft prevention regulation, 201 CMR 17.00 (Standards for the Protection of Personal Information of Residents of the Commonwealth). In particular, the regulation requires organizations to develop, implement, and maintain a comprehensive written information security program (WISP). SystemExperts worked with an online medical records management firm to help it understand what the regulation required and to develop a practical plan to comply. SystemExperts served in an advisory role as the company developed its WISP.
For one of the largest investment banking and securities companies in the world, SystemExperts performed a review of its flagship web site. The purpose of the review was to find exposures or actual vulnerabilities that would put the company’s reputation or its customers’ personal data at risk. The review also focused on ensuring that unauthenticated users could not view private data and that authenticated users could neither view other users’ data nor escalate their privileges.
For a market research company, SystemExperts performed an external penetration test of its critical Internet-facing systems. The purpose of the test was to find security exposures that might allow a determined intruder to gain access to internal resources. SystemExperts provided guidance to help the company prioritize the issues that required remediation.
For the nation’s oldest payments association and processor, SystemExperts performed a physical security review of several of its primary facilities. This review also included social engineering. The results of this review helped to significantly enhance the company’s policies and procedures for properly dealing with calls and in-person visits to key entrance points, loading docks, security stations, and IT infrastructure locations.
For one of the world’s largest mutual fund companies, SystemExperts performed a review of the wireless services offered to guests and visitors. The review verified that uninvited wireless systems could not use internal services and that authorized guest users could not reach internal resources. SystemExperts provided recommendations for enhancing both the physical management and configuration of the wireless services and the policies and procedures that governed those resources.
For one of the largest networks in the world, SystemExperts developed a methodology for periodic penetration testing, ongoing reduction of the webs of trust between systems, and continuous health checking.
For a leading money center financial firm that uses Kerberos firm-wide for authentication, SystemExperts assisted in moving from the CyberSafe Kerberos code base to the MIT code base. SystemExperts fixed memory leaks and other programming problems in the MIT code and developed a thread-safe implementation of the resulting Kerberos code.
Security Gap Analysis in Preparation for Integration of Subsidiaries
For a leading Wall Street firm, SystemExperts performed a Gap Analysis to identify policy, technology, and operational differences between the parent company and three of its subsidiaries that had previously maintained their own IT and security infrastructures.
For one of the world's largest banks, SystemExperts developed a strategy and technology plan to help it deal effectively with identity management. The scope of the project covered employees, customers, and key business partners worldwide. It also addressed account lifecycle management (the creation, modification, and deletion of accounts); account monitoring and certification (verification of the existence, ownership, and use of accounts); and emergency access and privilege management (temporary access to privileged accounts in emergencies).
For a large law firm, SystemExperts consolidated the security requirements it had been receiving in the form of questionnaires from prospective clients into a comprehensive outline of security policies. SystemExperts then assisted the firm in creating practical policies to support that outline.
Many capital management firms and hedge funds have very small IT organizations. SystemExperts assisted one capital management firm in developing a set of ISO 27002-compliant security policies specifically tuned to the practicalities of a small business.
For a leading insurance company, SystemExperts developed a realistic attack scenario and then monitored and coached the firm’s staff through an incident response scrimmage. Moments after it started, the value of the exercise was clear: the firm learned that its assumptions about the role its external monitoring company would play in managing an actual incident did not match what the monitoring company expected to do.
For a major investment bank, SystemExperts developed a secure authentication and authorization model and technology roadmap for its customer-facing application.
For a leading mutual fund family, SystemExperts™ identified architectural and control problems in its proposed use of messaging on the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network. The application environment is a heterogeneous Service Oriented Architecture (SOA) implemented with Web Services, IBM MQSeries, and TIBCO's Enterprise Service Bus (BusinessWorks).
For a well-established regional bank in the southeastern United States, SystemExperts followed its Accelerated Security Assessment methodology to assess the security of the bank's connection points to the Internet, assess the security of its critical call center application, and test the security of its internal systems. Our consultants also assessed the physical security controls the bank had implemented to protect its assets. The key to this methodology is its efficiency, which allowed us to perform this broadly scoped project within one calendar week.
ASP Security Assessment for Exploration Company
For one of the world’s leading mining and exploration companies, SystemExperts performed an ASP assessment to ensure that its vendors were in compliance with pertinent regulations. SystemExperts used several well-known security standards as the framework for the review and focused on assessing the vendors' operational procedures, change management processes, data classification, incident handling, and general access methods for sensitive information.
For one of the world’s best-known nonprofit organizations, SystemExperts performed a SaaS security assessment to ensure that its security policies and procedures were consistent with industry best practice and largely compliant with the appropriate security standards. SystemExperts used those standards as the framework to assess the overall security design, data flows, policies, procedures, and security controls.
For one of the world’s largest hedge fund companies, SystemExperts performed a multi-part network security audit to help it understand the security risks in its connections to the Internet, its computers accessible via modems, the sensitive data on its portable systems, and its ability to thwart social engineering attempts to obtain sensitive information. Each part of the project was owned by a separate division within the company, and the results helped it reconcile cross-organizational security discrepancies and develop a more cohesive set of policies and procedures common across the company.
For a leading chemical corporation, SystemExperts performed a simulated stolen-laptop analysis. SystemExperts was given the actual laptops of a key executive and a key employee and was asked to determine whether it could work around the access security mechanisms and either gain access to sensitive corporate data or gather enough information to get access to the internal network.
For a well-known multinational financial firm, SystemExperts evaluated the security of the standard builds (OS configuration plus layered software) it uses on both the Linux and Windows platforms.