PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed fee services to assist Level 2 Merchants in getting validated.
Sometimes we’ll talk with clients and they feel like they don’t know where to begin in managing information security. A great first step would be a Risk Assessment. A risk assessment recommends treatment of discovered risks and then manages remediation of gaps in risk controls.
With advanced malware these days, you’ve got to assume you’re probably already infected. Typical testing methods, though good for spotting vulnerabilities, may not find the malware already lurking in your environment.
Governance of Enterprise Security. Just read a interesting survey finding. The 2012 survey was done by Carnegie Mellon CyLab, sponsored by RSA. They surveyed how boards and senior executives are governing the privacy and security of their organizations’ digital assets. They used the Forbes Global 2000 list – respondents included: CEO/Presidents (52%), Corporate Secretaries (15%) […]
As many companies have already discovered, virus and malware infections are becoming more prevalent than ever regardless of the AV solutions in place. Malware continues to grow as the greatest threat to intellectual property or network assets. Most companies remain unaware of how widespread the problem is or even how much malware has propagated the […]
HALOCK’s Security Program Review is based on ISO 27001 and 27002. It provides a baseline of your current security posture.
We get calls for forensic analysis and investigation for a variety of reasons. Sometimes it’s a breach and the client wants to find out how bad the damage was, if anything was taken, if there’s any leave behind like malware, etc. Sometimes it’s an internal investigation on an employee for suspected theft or for breaking […]
One of the things that makes HALOCK a hybrid services firm is our unique practice groups, plus we bring to the table skill sets ranging from governance and strategy, PCI QSA knowledge, assessments and compliance, security solutions, and very seasoned network security engineering services.
You’re doing regular scanning, penetration testing, web app testing. You’re patching, you’ve implemented the latest and greatest. What are you doing for advanced malware threat protection?
You’ve probably seen it in the past. Economy swings, business takes a hit. What’s one of the first things that gets chopped from the budget? Cyber Security Awareness Training.