Audit and Consulting

Do you have a designated Chief Security Officer or Chief Information Security officer responsible for the security of your computer systems?

No? Don’t worry, SOCSoter can act in that capacity for you as much or as little as you need.  From completing cyber insurance forms to consulting on best practices, our certified and highly trained management staff can work with you to help guide and advise you.

Do you have a formal program in place to test or audit network security controls?

No? SOCSoter can help put regular audits in place.  We can test your security, evaluate controls and provide regular reports on how you are doing compared to almost any regulation, standard or technical requirements.

In addition, SOCSoter can perform third party audits to ensure your suppliers, business partners and external cloud infrastructure are safe and secure. Don’t let a weak link slip pass you.

Do you use some kind of firewall technology?  If so, do you know if its configured properly? 
When was the last time you had your firewall rules reviewed by a professional to ensure its set to allow what you need and block everything else.

Do you use antivirus software?
If your antivirus system is not managed and maintained by SOCSoter then let one of our seasoned consultants review your systems to make sure you are putting your best foot forward and blocking, stopping or catching all that you can with your antivirus system investment.  We will make sure that its installed, configured and updated properly and protecting all your systems while ensuring alerts are attended to properly.

If you are using some kind of intrusion detection software not provided by SOCSoter, do you know if its being used to detect unauthorized access to internal networks and computer systems?  Knowing this information is key to the protection of your business, your customers and your data.  Let us do a review or your systems to ensure you are properly protecting your valuable digital assets.

Do you upgrade all security software as new releases or improvements become available? 
If you are not using the SOCSoter Endpoint Management service then are you able to keep up with all the patches that need to be maintained on your system.  Let us take a look and ensure you are using best practices to ensure the confidentiality, integrity and availability of your systems.

Do you provide remote access to your network? Is the remote access restricted to encrypted Virtual Private Networks (VPNs)?  
Evaluating remote access is an important step in ensuring your network is safe from intruders and misuse.  Looking into multi-factor authentication process (multiple security measures used to reliably authenticate/verify the identity of an authorized user) or a layered security approach is required to ensure safe and secure access.  This also can extend to secure areas of your website, you need to make sure you have the right protections, authentication/verification methods used to protect your data.

Do you have a plan?

Let SOCSoter work with you to create the right disaster recovery plan, business continuity plan. If you are subscribed to our Incident Response plan you need to make sure you have a written plan for incident response, network intrusions and virus incidents.  We will work with you to not only develop these plans but to also help you test the plans to ensure they make sense, are easy to follow and achieve the right goals.

Is all of your valuable/sensitive data backed-up, do you even know where are that data lives on a daily basis? 
SOCSoter can help you perform a data inventory and then design an proper backup and restoral strategies for you that makes sense, is cost effective and ensures minimal downtime if an issue occurs.

Have you ever done any kind of training regarding security issues and procedures for employees that utilize computer systems? 
SOCSoter consultants can provide many different options for helping to ensure employees know what they need to do to protect the company when it comes to computer systems and the handling of data.  Let us work with you to develop a program that can be delivered virtually or onsite.  After the training has been performed we can help reinforce the lessons learned by conducting tests and drills.

Do you publish and distribute written computer and information systems policies and procedures to your employees?
If you don’t, you may want to think about what could happen if your employee takes off with a copy of all your data, client lists or proprietary intellectual property.  SOCSoter can review any policies that you have in place currently and work with you to create needed new policies or recommend changes to existing polices.  Additionally we can work with you to enforce the policies, or even detect and prevent policy violations

Nobody wants to think about terminating employees but it happens. People will be people, they will get fired for cause or positions will be eliminated. Businesses need to ensure that all associated computer access and user accounts are terminated as part of the regular employee exit process. The longer an employee is with the company, the more access and privileges they may have. Processes must be in place to ensure access is completely removed upon exit. SOCSoter can work with you to evaluate applications, access controls and processes to ensure a complete process and policy is in place.

Good habits start with good policies, do you have a formal documented procedures in place regarding:

  • Periodic updating of passwords used by employees or customers?
  • The collection, process, transmit, or maintenance of private, sensitive, or personal information from third parties (i.e. customers, clients, patients) as part of your business activities.
  • Written procedures in place to comply with laws governing the handling or disclosure of information, including any applicable Red Flag Rules?
  • Sharing of private, sensitive, or personal information gathered from customers with third parties?

SOCSoter can review any required policies that you need to have in place and work with you to develop the right documents with the right context that will help you achieve the desired goals.

Do you use encryption for:

  • User-specific, private, sensitive or confidential information stored on company servers
  • User-specific, private, sensitive or confidential information stored on portable communications equipment (e.g., laptops, BlackBerry devices, PDA’s, USB Flash Drives, or other portable devices)?

SOCSoter can help evaluate or create company policies or procedures for the secure care, handling and storage of private, sensitive or confidential information on portable communications devices.

Does your business require service providers to have access to confidential information or personally identifiable information? If so, do you require those 3rd parties to demonstrate adequate security policies and procedures? 
SOCSoter can review any reports or even perform an audit on your 3rd parties to ensure they are protecting your data and doing what they are supposed to be doing.

Does your website have log-in capabilities allowing access to secure or restricted content (e.g., accounts, subscriptions, or profiles) and/or allows user to upload or download secure data? 
If so, SOCSoter can review your website security on a regular basis. This is to ensure that your site does not become part of a malware system. You need to be confident that transactions using credit cards, debit cards, or bill-pay payments are properly secured.

SOCSoter audit and consulting services are comprehensive.  The above are just a small example of what we can provide your business.  Contact us today with questions, concerns or to speak with a consultant who can work with you to design a custom consulting engagement to help you reduce your risks and ultimately protect the Confidentiality, Integrity and Availability of your business.

138 W. Washington St. Suite 400
Hagerstown, MD 21740
(866) 977-SOC1
(866) 977-7621

No spam promise - only our latest news and freebies!

Copyright @ 2015 All rights reserved. Site Powered by
privacy policy