Solutions

Securistec’s approach to your organization’s program is based on the fact that every client is unique. We offer a risk-based approach tailored to your specific business model, assets and resources. We help our clients identify potential vulnerabilities and provide prioritized recommendations so that a solid business decision can be made on implementing specific remediations or accepting identified risks.

Our assessment process examines the asset to understand where vulnerabilities may be leaving the organization exposed to risk. Assessment activities generally fall into one (or more) of the following types:

  • Design Assessment activities which evaluate the appropriateness of controls by comparing the control design against the client’s control objectives, industry good practice, laws/regulations, and/or the auditor’s professional judgment (e.g., an Application Architecture Review).
  • Compliance Assessment activities which validate that the control measures established are working as designed, consistently, and continuously (e.g., a Password Audit).
  • Substantive Assessment activities that provide assurance that the control objectives are being achieved, and where they are not, provide a measure of probability and business impact (e.g., a Penetration Test).

Black Box Testing (aka Penetration Testing or Ethical Hacking) is a substantive test of the net security posture resulting from the cumulative security controls applied. It is typically leveraged to assess the net security posture (trustworthiness) of key elements of your security environment (e.g., networks, applications and people).

White Box Testing uses all relevant system resources and information available to the assessment team. In a white box application assessment, the assessment team typically has access to the asset, design documents, data models and technical personnel. Access to this information makes it possible to perform a comprehensive analysis of the asset (e.g., applications).

Securistec - Solutions

  • BANKING & FINANCIAL

    Securistec professionals have robust experience in the banking and financial industries and can build customized Risk Assessments, Technology Audits & Remediation for Business Processes, Applications, Devices, Data and Facilities to ensure Privacy, Security, GLBA, PCI DSS & SOX Regulatory Compliance.


  • CONSTRUCTION

    Physical site location and security procedures are reviewed to ensure that your business is safeguarded; we provide Risk Assessments & Technology Audits for Business Processes and Facilities to ensure Security Compliance.


  • ECOMMERCE & RETAIL

    In this rapidly changing and ever-expanding world of brick & mortar and electronic shopping experiences, Securistec is dedicated to protecting your customer data as well as your competitive advantage with real-world Risk Assessments, Technology Audits & Remediation for Business Processes, Applications, Devices, Data and Facilities to ensure Privacy, Security, GLBA, PCI DSS & SOX Regulatory Compliance.


  • EDUCATION

    At Securistec, our professionals take pride in ensuring that faculty and student data as well as financial aid and billing information are protected through rigorous Risk Assessments, Technology Audits & Remediation for Business Processes, Applications, Devices, Data and Facilities to ensure Privacy, Security & HIPAA Regulatory Compliance.


  • GOVERNMENT & NON-PROFITS

    In this time of heightened security for governmental and non-profit organizations, the Securistec team will work to ensure that assets are protected through Risk Assessments, Technology Audits & Remediation for Business Processes, Applications, Devices, Data and Facilities to ensure Privacy, Security and Regulatory Compliance.


  • MANUFACTURING

    An organization’s in-house business processes and proprietary data are the key to its competitive edge in today’s global marketplace. The Securistec team will work to maintain confidentiality and ensure that this information is secure for the organization through rigorous Risk Assessments, Technology Audits & Remediation for Business Processes, Applications, Devices, Data and Facilities to ensure Privacy, Security, GLBA, PCI DSS & SOX Regulatory Compliance.


  • MEDICAL & HEALTHCARE

    In the ever-expanding realm of healthcare, the Securistec team will ensure that your Protected Healthcare Information (PHI and ePHI) and Personally Identifiable Information (PII) are safeguarded. We work with you to provide protection for patient records, internal processes and billing, and to address all emerging healthcare regulations, through Risk Assessments, Technology Audits & Remediation for Business Processes, Applications, Devices, Data and Facilities to ensure Privacy, Security & HIPAA and other Regulatory Compliance.


  • RISK ASSESSMENT BUSINESS OVERVIEW