OUR PURPOSE:
To provide clear, honest and detailed audit results. It is also our goal to ensure that all applicable compliances, regulations, and certifications are met with accurate findings and the lowest impact to our client’s bottom line, IT infrastructure, and their ability to conduct safe, secure business.
What products and services are offered?
Internal Network Security Assessment
This evaluates a breadth of network security issues based on the primary tenets of security: confidentiality, integrity, and availability. We begin with understanding your network architecture, critical applications, and business processes. An in-depth technical review of all necessary controls is then performed on-site using a variety of techniques, including vulnerability scanning, Active Directory queries, password cracking, and network traffic analysis.
The end result is an aggregated, prioritized list of actionable, practical recommendations that can be used to further strengthen your Information Security Program. Rhino IT Security’s audit scope begins with the FFIEC guidelines, adds tasks and issues found from our experience with security assessments over the past eight years, and further focuses our probing based on the reality of your unique environment and security profile.
External Network Security Assessment (Penetration Test)
The External Assessment is completed entirely off-site and
focuses on external threats originating from the Internet and other
remote access. We use a hybrid approach, incorporating the breadth
of a vulnerability assessment and the depth of a penetration test.
What distinguishes Rhino IT Security work is the manual validation
of all vulnerabilities to eliminate false positive results from the
report and the manual probing to uncover vulnerabilities that
software tools and scanners miss. As with the Internal Assessments,
the findings, impact, and recommendations are reported in
risk-adjusted order.
Web Application Security Assessment
We follow the OWASP methodology for web analysis, meant to definitively identify existing vulnerabilities for both basic brochure-oriented sites and complex online banking and database-driven sites. The steps taken in our security assessment are grouped into four distinct phases: 1) reconnaissance, 2) server configuration, 3) session and account management, and 4) input validation.
PCI Audit Services
As part of the Payment Card Industry (PCI) Data Security
Standard (DSS), we focus on ensuring the most cost-effective path to
security and PCI compliance. Institutions striving for PCI DSS
compliance can contract Rhino IT Security to help fulfill
Requirement 11 of the PCI DSS.
Website Defacement Assessment
Rhino IT Security ensures that an attacker will not be able to make unauthorized changes to your financial services organization’s homepage, preventing negative publicity and keeping your customers’ data safe. Your homepage is your image, and preventing negative publicity is as important as keeping your customer data secure. Showing customers you can keep your web pages safe is an important part of maintaining their trust and confidence.
E-Banking Assessment
This is similar to our External Network Assessment, with some added tests to conform to the FDIC’s Financial Institution Letter (FIL-30-2003). This includes service provider oversight to determine if there is risk due to lack of vendor due diligence.
Social Engineering
Through a series of “relaxed” questions and exercises, we try to “trick” employees into disclosing confidential information. We assess multiple vectors of attack: telephone, email (targeted or spam), a fake website, or even an in-person visit. This service is invaluable in helping identify vulnerabilities, and is an excellent way to educate employees and management on the best ways to thwart such attempts to breach your confidentiality. Social Engineering is valuable for identifying where corporate training must be strengthened and where employees stray too far from secure procedures in their attempts to provide customer service and be helpful.
VoIP Audit
Rhino IT Security evaluates the risk of common VoIP (Voice over Internet Protocol) problems such as eavesdropping, quality-of-service, and product-specific vulnerabilities.
Wireless Security Assessment
Our security assessment goal is to enumerate wireless access points and clients, determine configuration settings, and then expose and document any wireless network deployment errors.
Virtual Private Network (VPN) Security Assessment
This is important when multiple business locations or partner networks are connected over the Internet. We identify firewall configuration vulnerabilities, determine if there are any vulnerabilities in the network devices, and highlight general issues with the architecture.
Casino Audits
Rhino IT Security has developed a systematic approach to the specific needs and concerns of the Gaming Industry. This includes: Minimum Internal Control Standards (MICS), IT audits for tribal casinos and gaming commissions, as well as technical IT security assessments for casino network operations. A formal network security assessment of the entire casino and gaming commission infrastructure is the best way to minimize risk and achieve a fresh security baseline. Subtle technical configuration problems can introduce critical risk to the casino network and potentially limit gaming availability.
Other Services:
Source Code Audits; Data Center Analysis; Forensics and
Incident Response; Product Evaluation