Contextual Security


Your enterprise-focused information security partner delivering alignment between IT security, regulatory compliance, business objectives and solutions to complex security challenges. SOLID SECURITY BEGINS WITH KNOWING. EXCELS BY DOING.


COMPREHENSIVE. Alongside our assessment and compliance audit services, we strive to first understand the specific security requirements of each client in order to better assess their risks. Once the necessary discovery and objective information is attained, we can then identify the gaps between current vs. desired security postures. Our services not only find vulnerabilities and gaps in compliance, but also help prioritize what’s most important to each client and monitor those through proven management practices. The consistent focus is to secure our clients’ assets along with their sensitive information. The results of these information assessments and audits are presented by risk severity, providing you with actionable findings, analysis and remediation planning. Herein lies the ounce of prevention. Carefully crafted elements interact to form tighter security bonds. We understand the need to see the big picture and have outlined our services in a concise methodology represented in our chart of periodic elements.

ContextualSecurity ASSESS


The average cost of a single, successful cyber attack is $300k.


69% of breaches are discovered by external parties.



97% of retail attacks involve payment system tampering.

ASSESS. PENETRATION TESTING Contextual Security’s Penetration Testing Service identifies areas of risk that could impact the confidentiality, integrity and availability of your sensitive information prior to a real attack. Whether in support of a compliance initiative (such as the payment card industry data security standard – PCI DSS), to meet a requirement of a business partner, or simply to test the effectiveness of your organization’s defenses, the importance of assessment shouldn’t be underestimated.

WEB APPLICATION ASSESSMENT Contextual Security’s Web Application Assessment Service provides organizations with visibility into the security of the web applications that store, transmit, or process their sensitive information. Clients often contract us to assist with software development life cycles, test the security of applications on a regular basis, or simply conduct a web application assessment to meet a compliance requirement. Contextual Security’s Web Application Assessment will identify vulnerabilities and areas of risk that could impact the security of your web applications.

MOBILE APPLICATION ASSESSMENT Contextual Security’s Mobile Application Assessment service reviews mobile (e.g. smartphone and tablet) applications (custom in-house or commercial “off the shelf” solutions) that have access to, store or transmit your organization’s sensitive information.

VULNERABILITY ASSESSMENT Contextual Security’s Vulnerability Assessment Service can quickly inventory and scan all of your organization’s hosts (internal and external) and determine if vulnerabilities exist that could impact the security of your information – before they become threats. Our Vulnerability Assessments can be scheduled on an annual, quarterly, or monthly basis to give you (and your customers) the confidence that your information is secure.

SECURITY AWARENESS ASSESSMENT Contextual Security’s Security Awareness Assessment focuses on identifying and validating vulnerabilities associated with your employees’ ability to follow documented policies, procedures and security best practices.

CONFIGURATION REVIEWS; FIREWALL & ROUTER CONFIGURATION REVIEW Contextual Security’s Firewall & Router Configuration Review service includes a thorough review of your organization’s perimeter, internal firewalls, and routers in efforts to identify any areas of risk.

WIRELESS SECURITY REVIEW Contextual Security’s Wireless Security Review includes an analysis of wireless access available at your organization’s designated locations. Our consultants will attempt to identify wireless networks (authorized and unauthorized), conduct a review of your organization’s approved wireless infrastructure and test for vulnerabilities associated with its implementation.



73% of attacks on retailers are perpetrated by organized criminal groups.

COMPLY. PCI DSS VERSION 3.1 ANNUAL IT AUDIT All organizations that process, store, or transmit card holder data must be PCI compliant. As such, organizations must validate compliance with the PCI data security standard (DSS) annually by completing a self assessment questionnaire (SAQ) or by passing an onsite audit conducted by a Qualified Security Assessor (QSA). Contextual Security’s PCI DSS annual audit services can assist organizations in identifying and remediating any gaps in compliance. Our QSAs have extensive experience in working with merchants, big (processors and customers with large retail footprints) and small (single ecommerce shops), as well as service providers.

PCI RISK ASSESSMENT PCI DSS requirement 12.2 requires that a risk assessment be completed annually to assist in identifying threats and vulnerabilities to their organization’s card holder data. Contextual Security’s PCI Risk Assessment offering is tailored to merchants and service providers and focuses on those threats and vulnerabilities most commonly found to result in a breach of card holder data.

EXPERIAN Let Contextual Security Solutions, a PCI Qualified Security Assessor (QSA) company, bring context to EI3PA. Experian’s Independent Third Party Assessment (EI3PA) is an annual assessment of Experian’s 3rd Party Processors’ ability to protect Experian’s data. Experian has chosen to base their audit framework on the existing payment card industry’s data security standard (PCI-DSS). However, the EI3PA differs from PCI-DSS in that it assesses how a “reseller” provides protection of Experian-provided personal sensitive information data rather than card holder data. It also differs in that the merchant level and their respective reporting requirements are approved solely by Experian, not by the card issuer, acquiring or issuing bank.

HEALTHCARE COMPLIANCE AUDIT (HIPAA/HITECH) (45 CFR 164.308(a)(8)) Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently in response to environmental or operational changes affecting the security of electronic protected health information that establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart.

HEALTHCARE RISK ASSESSMENT (HIPAA/HITECH/Meaningful Use) Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.



92% of breaches are perpetrated by outsiders.

MAINTAIN. SECURITYXTENSION Contextual Security Solutions securityXtension programs are tailored to your organization’s security and compliance landscape and risk profile. The securityXtension programs are comprised of security related tasks called Elements. Typical Elements that are offered as part of our securityXtension programs include Penetration Testing, Vulnerability Assessments, Risk Assessments, Wireless Security Reviews, etc. The Elements are broken down into four frequency groups that have been aligned with security best practice and the requirements found in the major compliance initiatives (EI3PA, GLBA, HIPAA, NIST, PCI, ISO, etc.).

B.A.S.E Contextual Security Solutions Base Assessment of Security Elements (B.A.S.E) certification program is an efficient and cost effective framework to measure and communicate your organization’s security posture, as well as evaluate those business partners and service providers you interact with.

The B.A.S.E program includes an assessment of your organization’s core technical and administrative controls. Elements included in the B.A.S.E program are listed below:
• Critical Controls Audit
• Network Architecture Review
• Network Vulnerability Assessment (External, Internal)
• Penetration Test (External, Internal)

For those organizations needing a deeper dive, the Enhanced B.A.S.E program includes all of the Elements found in the standard B.A.S.E program, but also adds a Physical Controls Assessment, a Security Awareness Assessment, a Web Application Assessment, and a Wireless Architecture Assessment.

A.T.O.M Contextual Security Solutions Audit & Testing Onsite Module (A.T.O.M) provides organizations with affordable on-demand consultant driven security services without incurring travel costs or having to work around the consulting firm’s schedule. Whether you require a quick scan of your internal network after an architecture change, a penetration test to satisfy PCI DSS requirement 11.3, or simply need to test that new web application prior to it going live, Contextual Security Solutions A.T.O.M On-Demand Consulting (ODC) appliance provides a timely, cost effective solution. Contextual Security Solutions offers the A.T.O.M appliance as part of a quarterly or annual subscription.


Seeing your company’s technology compliance status should not be an arduous task. After all, the whole point of technology is to compile data efficiently and simplify our work lives. Following the evaluation procedures developed by Contextual Security, Illumino provides a snapshot of your compliance process, allowing you to instantly understand remaining steps involved in your process without the necessity of explaining to an employee why you are asking the question in the first place. It is completely customizable to any legacy compliance platform, so there is no need to start from scratch. The current compliance marketplace consists of technology tools that are either outmoded or deeply inefficient. If an IT degree is required to access the reports and understand what they say about your company, then you will appreciate Illumino.

CORPORATE EXECUTIVE Owning a company requires agility and oversight. You need to understand your IT security plan from start to finish. It needs to be presented to you in terms you can understand and with reports that are easy to access without any level of administrative oversight. Illumino’s Executive Dashboard is the answer.

COMPLIANCE MANAGER The responsibilities of an internal IT employee expand with each and every technology system added to a company, forming a virtual mountain of work. Managing compliance requirements is just another of your many roles and the Illumino Compliance Manager Dashboard is here to simplify that. Our easy-to-access reporting tools instantly reveal steps needed to achieve regulatory compliance, freeing you to take care of more alluring landscapes.

COMPLIANCE AUDITOR Traditionally, an auditor would run system software, compile mountains of data, parse it over several days - maybe weeks - and then deliver it to a distracted client. Now the Illumino Compliance Auditor Dashboard makes all of this efficient and streamlined, providing instant reports that can be reviewed with a client on the first visit.

52% of breaches used some form of hacking.


75% of companies say IT risks impact customer satisfaction and brand reputation.


78% of intrusions are rated as low difficulty.




OUR APPROACH has always been to walk the journey of compliance with you, helping you navigate the process. Because we spend this level of attention on each customer, we find that our relationships deepen into friendships. And as such, we acquire a level of loyalty for your success that simply cannot be attained by any computer algorithm or short-time technician. This is the story of how our company became people-focused.

OUR STORY Contextual Security was founded on the most rigid ethical principles and built by people with the deepest commitment to discretion. During our decades of experience we have seen it all. But we are also mature enough to understand that our world is simply imperfect and every company is doing its best to operate successfully while mitigating these types of imperfections. We have streamlined our processes using custom tools (such as Illumino and others) to help drive down the cost of effective security and compliance. We make a personal, faith-based commitment to delivering excellence to you. When you choose your data security company, you need people you can trust, reliable timelines and solid pricing that delivers stellar results. Contextual Security excels in all of these categories and so much more. Call us. You’ll see the difference.

CONTEXTUAL SECURITY SOLUTIONS 5100 Poplar Avenue, 27th Floor | Memphis, TN 38137 MAILING: PO Box 1552 | Collierville, TN 38017 SALES: 901 489 5849 | OFFICE: 800 513 6820

contextualsecurity.com goillumino.com

