Aurora’s Security and Risk Consulting team provides the expertise and analysis to help you enhance your IT security posture, reduce your information security risk, facilitate compliance requirements and improve your overall operational efficiency.
We have helped a variety of customers design their strategic security programs, assess and test their defenses, resolve critical information security breaches, and meet their compliance mandates.
Application Security Assessment
Our Application Security Assessment is designed to meet best practices for application security. Industry regulations such as PCI, HIPAA and Red Flag require application security testing. Aurora can also assess custom-designed items such as web applications and commercial applications.
Data Loss Prevention Assessment
The security industry has evolved to the point where data can now be granularly tracked, monitored, blocked and reported. Products such as Vericept and Vontu are attempting to address these problems from a technology perspective, but any security solution needs to address people, process and technology challenges. With so many forms of connectivity into and out of the organization, it is difficult to know where your data is and who has access to it. The Data Loss Prevention (DLP) Assessment addresses the needs of organizations to more tightly control their data, know where it is, from creation, to modification to transport, to storage and destruction. Data can reside anywhere from the Blackberry, to email, to spreadsheets on a desktop with no way of tracking it. Solution, we help you gain an understanding of how information moves into and out of your organization and develop policies and procedures along with the necessary tools to control your data leakage problems.
HIPAA Security and Compliance Audit Assessment
Our HIPAA information security audit is an in-depth appraisal of an organization’s adherence to existing policies and industry best practices, and identification of areas of weakness that need to be addressed to meet business needs and/or regulatory and compliance requirements. We will assess existing weaknesses and develop countermeasures in three areas — people, process and technology — for HIPAA Security Rule requirements.
Aurora provides our clients comparative information and baselines against industry standard practices in addition to the HIPAA mandated review items in the Security Rule. A complete assessment, as required under the HIPAA risk assessment specifications, includes interviews with personnel, system analysis, policy and procedure review, and remediation suggestions.
Our cost-effective approach to security and compliance makes it affordable for any size healthcare organization to be in compliance — without cutting any corners. Our comprehensive HIPAA Security assessment service offers an approach based on assessing physical and logical security, and company practices for securing confidential data.
Cyber Security Risk Assessment
Our solution uses quantitative and qualitative methods to define the current and future state of your security environment in a complete Cyber Security Risk Assessment. We determine how your organization maps to best practices, along with the steps needed to get to the next level of security, and maintain a robust security environment as change occurs. A Cyber Security Risk Assessment identifies deficiencies and correlates them to practical solutions.
PCI DSS Gap Analysis and Compliance Audit Assessment
Our PCI DSS Gap Analysis is designed to help a company determine where gaps in its security infrastructure are, prior to a full PCI DSS risk assessment. Our assessment services identify and scope the requirements for PCI compliance as it relates to the company, its agencies, merchants and services providers.
Our scanning services allow you to identify vulnerabilities that may block your company from meeting the PCI security requirements. Our reviews of education and training of all stakeholders, network architecture, plus network and application security procedures will provide a solid foundation of recommendations that will allow you to anticipate issues that may arise in a full SAQ or QSA review.
Penetration Testing Assessment
Penetration Testing is the first tactical step many companies take to begin the identification process for weaknesses in their IT environment. Our security professionals use proven techniques, methodologies and tools to detect undesirable risks. Aurora will evaluate your technical, administrative and management security controls, and conduct tests against your Internet perimeter using real-world attacks techniques — both automated and manual.
We offer 3 types of Penetration Testing:
• External Penetration Test
• Internal Penetration Test
• Website Application Penetration Testing
Phishing Simulation Risk Assessment
Our Phishing Simulation Risk Assessment measures the current level of susceptibility by performing a controlled attack against employees. Such an attack typically targets a subset of employees from each department within the organization. If appropriate, employees and departments from different offices are also be included within the test, in order to allow for the identification of any trends across the entire organization.
Security Policy Development Assessment
Our complete set of security policies can be developed including the infrastructure, third-party, asset classification, accountability, personnel security, physical and environmental security, communications security, operations security, user education and awareness, access control, system development life cycle, business continuity, disaster recovery, and regulatory compliance.
Security Training Assessment
People are often the weakest link and the most under-invested component of organization’s security strategy. Our security training fills this gap by providing interactive on-demand and instructor-led education that is accessible 24×7. Training is role-focused and can be customized to your security requirements and environment.
Vulnerability analysis is the frontline in securing an organization. Aurora can develop custom-built methodologies to utilize your personnel and financial resources to help meet business goals. Vulnerability scanning is a necessary tactical approach to securing all the “low-hanging” risk in an infrastructure. Tests will be conducted against Internet perimeters and internal systems using real world attacks techniques in an automated manner.
Security Code Review
Security code review provides insight into the “real risk” associated with insecure code. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. Aurora combines automated and manual code analysis techniques in a multi-step process of familiarization, prioritization and analysis to understand the context and make a relevant risk estimate that accounts for both the likelihood of attack and the business impact of a breach.