ISO 27001 and ISO 27002 are models for best practices for Information Security, covering everything from establishing, implementing, operating, monitoring, reviewing, and maintaining to improving a security program. This engagement not only identifies any opportunities for improvement, but also delivers a risk- ranked actionable plan for improving your company’s security posture. This type of engagement can help you address other standards compliance as well, including technology controls for SOx, GLBA, NIST, FISMA, and FFIEC among others.
If your organization stores, processes or transmits credit cards - you are subject to compliance with PCI-DSS. AOS will present you with a concise, independent scorecard of your PCI-DSS compliancy, and deliver not only a solid understanding of any gaps in compliance but also deliver abusiness-reasonable,actionableplan and roadmap to achieving compliance. We act as your discrete advocate to help you identify and resolve PCI compliance issues before they become a problem, so that you can fix issues on your timeline without being subject to significant PCI compliance fines or the reputational losses of the breach notification processes.
Our HIPAA and HITECH Gap Analysis solution offering documents potential risks and vulnerabilities to the confidentiality, integrity, or availability of protected health information (PHI) and determines the appropriate safeguards to bring the level of risk to an acceptable and manageable level. Our Meaningful Use Risk Analysis meets the requirements under the Security Management Process standard of the Administrative Safeguards portion of HIPAA Security Rule 164.308(a)(1), a necessary component to Stage 1 qualification for Meaningful Use compliance for additional Medicare reimbursement dollars.
ATTACK: Through application vulnerability scanning and network penetration testing, AOS will test your environment with top end commercial and open source tools to assess the technical security of servers, desktops, network devices, and other IT assets. We also deliver advanced application and/or DB testing (SQL injection, etc.). AOS will provide not just automated testing results but relevant business risk and impact analysis. The RESULT; an actionable, weighted plan of attack: what to fix, in what order,and why!
The AOS branded VISE offering (Vulnerability Incident Security Engine), balances log management, reporting, event management, privileged user, and file integrity monitoring to support security operations and compliance use cases. With AOS doing all the 24x7 monitoring, the offering includes a Knowledge Module architecture, which correlates and packages reports, investigations, alerts, artificial intelligence engine rules and lists.
AOS can assess your facility security and what is often your weakest security link: your people and their adherence to processes. In this assessment we will evaluate the physical and process safeguards in place. Optionally, we can attempt to gain access to protected resources or areas in person, via phone or Internet.
Disruptions to business as usual (BAU) will impact all organizations to some degree at some point from a variety of causes. The question is how agile is your organization in adapting itself to the consequences of and recovery from a catastrophic event. That is organizational resiliency. AOS can help assess, create or improve, and then exercise both the technical and human sides of your recovery plans from the interruption, thru recovery, and restoration back to BAU.
In this extended consultative role, AOS brings value as your in-house Information Security executive. One-year engagement terms are standard. The VISO works at the guidance of your leadership team, typically performing tasks such as: guiding a remediation program to address audit or compliance gaps; developing a strategic plan and roadmap for security, resiliency, technology risk management and guiding the implementation of that strategic plan; implementing policy, procedure and/or standards documentation; implementing or enhancing security awareness training.