Your Company’s Information Security is Not a Checklist
Alasdair Is Here to Fortify Your Business, Not to Sell Some Software Package
Here’s a checklist:
- CEOs love us
- IT admins love us
- Even the CFOs love us (if they’ve already been hacked and have seen the financial damage)
How often do all three agree on something?
Security Assessments Should Be Even More Creative than the Hacks
Plenty of businesses are compromised by the shotgun effect of malicious scripts running on compromised machines on the other side of the world.
For everyone else, there are creative criminals. Whatever hardware and software you run, someone has already broken into that same configuration countless times. These people constantly probe systems like yours and share their successes online, so they are going to know your flaws better than your IT people do.
Alasdair approaches vulnerabilities with the same processes and knowledge. We’re full-time because they’re full-time.
When We Run Penetration Testing, Cookie Cutter Doesn’t Cut It
A lot of people call themselves pentesters. They’ll run some kind of scanning software, or a couple of scripts, and print out a stack of boilerplate text and charts that have nothing to do with your business and its vulnerabilities. IT consulting is full of cookie-cutter reports intended to sell you something.
We dig in and come to understand your business. That way we can tell the difference between ugly, life-threatening vulnerabilities, and potential sources of moderate annoyance. Your mission-critical servers, your intellectual property, and your treasured client data are treated with the attention and respect they deserve.
One common coding mistake shows how subtle these flaws can be. A program copies a 64-character string into a 64-character buffer with strncpy. Because the copy fills every byte, there is no room left for the terminating null character, and strncpy only writes a terminator when the source is shorter than the length you pass it. The buffer is left unterminated, so a later printf("%s") keeps reading past the end of the buffer and into whatever memory follows it, until it happens to find a zero byte. That is undefined behavior: it can leak neighbouring data or crash the program. To fix this particular issue, either limit strncpy to 63 characters and set the last byte to zero yourself, or make the buffer 65 characters. Zeroing the destination with memset beforehand does reduce errors when the copy is shorter than the buffer, but it does nothing in this exact case, since the copy overwrites every zeroed byte. Keep an eye out for off-by-one errors like this: the write itself stays in bounds, which is exactly why they are easy to miss.
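The pattern described above, written out as an added example (this is not code from the original page): the unterminated copy, the two fixes, and a bounded print. The 64-byte sample input and the function names are constructed for illustration, and the example deliberately checks for the missing terminator with memchr rather than triggering the out-of-bounds read itself.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define BUF 64  /* the 64-character buffer from the text */

/* Constructed sample input: exactly 64 non-NUL bytes, the case that leaves
   a 64-byte destination with no room for a terminator. */
const char *make_sample64(void) {
    static char sample[BUF + 1];
    memset(sample, 'A', BUF);
    sample[BUF] = '\0';
    return sample;
}

/* The mistake itself: strncpy(dst, src, 64) with a 64-byte source.
   The write stays in bounds; the problem is that strncpy writes a NUL
   only when src is shorter than n. Returns true if dst ended up
   NUL-terminated within its 64 bytes. */
bool copy_unterminated(char dst[BUF], const char *src) {
    strncpy(dst, src, BUF);
    return memchr(dst, '\0', BUF) != NULL;
}

/* Fix 1: copy at most 63 bytes and always set the final byte yourself.
   Never rely on strncpy to terminate for you. */
bool copy_limit63(char dst[BUF], const char *src) {
    strncpy(dst, src, BUF - 1);
    dst[BUF - 1] = '\0';
    return memchr(dst, '\0', BUF) != NULL;
}

/* Fix 2: size the buffer for the longest string plus one, and still
   terminate explicitly so a 64-byte (or longer) source cannot leave it
   open-ended. */
bool copy_into65(char dst[BUF + 1], const char *src) {
    strncpy(dst, src, BUF);
    dst[BUF] = '\0';
    return memchr(dst, '\0', BUF + 1) != NULL;
}

/* Printing an unterminated buffer with "%s" reads past its end. A bounded
   precision ("%.*s") makes printf stop at the given length regardless of
   whether a NUL is present. */
void print_bounded(const char *buf, size_t len) {
    printf("%.*s\n", (int)len, buf);
}

int main(void) {
    const char *src = make_sample64();
    char a[BUF], b[BUF], c[BUF + 1];

    printf("unsafe copy terminated?    %s\n",
           copy_unterminated(a, src) ? "yes" : "no");          /* no */
    printf("limit-to-63 terminated?    %s (%zu chars)\n",
           copy_limit63(b, src) ? "yes" : "no", strlen(b));    /* yes (63 chars) */
    printf("65-byte buffer terminated? %s (%zu chars)\n",
           copy_into65(c, src) ? "yes" : "no", strlen(c));     /* yes (64 chars) */

    /* Showing the unsafe buffer is only safe because the length is bounded. */
    print_bounded(a, BUF);
    return 0;
}
```

Compile with warnings enabled (for example `gcc -Wall -Wextra`): recent compilers flag the strncpy-into-a-buffer-of-the-same-size pattern with a truncation warning, which is a cheap first check for this class of bug.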
Breaking Your Security So Criminals Don’t Have To
Alasdair actually figures out how to break into your IT, and we almost always succeed. Then we show your administrators how to guard against these attacks.
Maybe we break in from a PC anywhere on the internet, or slip a USB drive into your front desk computer. We might try tricking an employee into divulging sensitive info, or sit in your parking lot with a laptop and break in through your Wi-Fi. Maybe your networked printer is letting anyone waltz in and access your servers!
We keep an open mind because criminals are quite creative.
Assess and Reduce your HIPAA Security Risk
Alasdair Security helps you with cost-effective preparation for HIPAA compliance audits.
You might think the Protected Health Information (PHI) you store is locked up tight, but a moderately determined attacker may still be able to break in. Computer systems can also disclose PHI through plain programming errors, with no malicious intent involved. Either way, your company ends up in a lot of trouble.
We're Security Consultants, Not a Law Firm!
To be clear, we don't perform HIPAA compliance audits; we fix your IT security to help you pass your HIPAA audit. Only a lawyer can tell you whether you're HIPAA compliant.
Adaptive and Prescriptive/Regulatory Security Frameworks
Adaptive: When your IT infrastructure and business needs are constantly changing, your security framework has to adapt to a wide range of situations. A simple, inflexible framework will slow you down and encourage your people to work around it. Flexibility and adaptation are the only ways to stay protected in the long run.
Prescriptive/Regulatory: When regulatory compliance is the driving force behind your IT security, the specific requirements of those regulations have to form the basis of your security framework.
Incident Planning – Avoid the Meltdown
Beyond making attacks less likely, we make attacks less costly. We’ll put together an incident response framework based on your business – not on a business-sort-of-like-yours. We’ll give you the toolset to minimize damage and get back on your feet sooner.
Incident Response – Minimize Damage
Once an incident has happened, organizations typically want to bolster their incident response plans so the next one does less damage. Testing those plans is just as important, and we can assist with both.
We Partner with You However it Suits You
Alasdair loves partnering with our clients.
- White Labeling: We’ll wear your uniform or ours. Partnering with Alasdair multiplies your company’s skillset, and white-labeling means your clients see that skillset as yours.
- Staff on Demand: Alasdair lets you expand your team when you need us, and keep it lean when you don’t.