IoT Mesh Yagi kBan
Mid-Fight Refuelin
Rare-Earth Mineria
Socks, Sandles and
mesothelioma machi
Dark Crystal Thera
Japenese vending m
Coupons, Daily Dea
OTC, Prescription,
Pole Prancing, Liv

HIPPA PCI Complian
Bleacher Graduate
Yakuza Pedicure/Ma
DOT Prison Currenc
Student buy Essay
Internships, and I
MS Scarlett Feaver
Prenuptial Escape
Medicare Advantage
Pandemic Mitigatio
<<      >>
Contract Breach Audits We have been retained to investigate claims from a supplier whose system was breached, due to a vulnerability in the supplier's IT infrastructure. The supplier had identified the security vulnerability, but did not have a procedure for reporting the issue and so we're assisting them with remediation. In essence, this was an over-optimistic attempt to reduce overall risk. This is an interesting case as the supplier is an IT supplier to a number of companies and so should have internal controls in place around this type of issue. I shall be making an assessment on the control environment for this supplier and will be able to provide some advice on areas where a more secure approach could be taken. It is often quite easy to identify a weakness in an IT system; however, getting the message across to staff and management that it needs to be fixed can be a challenge. For a system used by other companies, which the supplier may not have control over, it is likely that little can be done to improve the situation. I will be performing an analysis of the breach, to identify the vulnerability and recommend security controls which can be implemented to reduce the chances of a similar issue occurring in the future. Audit of the supplier’s IT security Client asked us to provide a security audit of their current situation. We provided a detailed analysis of their current system (an internal database) and made recommendations for changes to address any security weaknesses identified. The client will be undertaking further actions to address these issues. Systems security audit Our client required a security review of their system, to provide an initial understanding of their current security policies and processes. We identified some key areas for improvement which were implemented. Red team review A red team member was brought in to review and provide recommendations for improvements to the organisation’s security. Recommendations included the adoption of a policy and policy compliance framework, a formal risk register, the implementation of some key technical controls and a number of improvements to the security awareness of staff. IT security assessment The client has an application which generates test reports and the data on the network drives from the application is used by the other organisations for data collection. As a consequence, an incorrect user name and password on this application could result in an organisation being unduly exposed to the data collected by the other organisations. To prevent this, we performed an assessment to identify the risks and to determine any further action required. We identified the following areas for further consideration: Users had different user names and passwords for accessing the application compared to the other parts of the organisation IT support is only available for application from the same user names and passwords as they use elsewhere. There was no documentation that provided information on alternative procedures for accessing the application The company had an outdated IT security policy and did not have any process in place to identify these kinds of issues. It was also found that the organisation's security management committee had been dormant for over five years. These issues were raised with the client so that they could implement appropriate countermeasures and so prevent this problem from occurring in the future. This case was not handled by Chris Murgatroyd, who was out on leave. IT security audit Our client’s IT security practices had been breached through the theft of several laptops which included some confidential information about their operations. This case was discussed by the board of directors, who were concerned that the breach had occurred for some time and could have been detected before it became a significant risk to the company. Our client would have faced significant penalties and reputational damage, if their management were to have been found to have been lax in their oversight of the security of this information. Therefore, a forensic investigation was instigated into the breach. This investigation was led by our client and included third party expertise in areas of IT security management. We supported this investigation and performed the relevant IT audits. Data security assessment Our client was in the manufacturing industry and had recently acquired a number of data centres, to help them with their business. However, they had a history of problems with previous vendors and had no IT audit trail from its previous systems. A systems audit was performed, to identify the level of control over the data and its associated security. The project was implemented on a fixed price, including interim support for one month, during which the scope was defined and a project plan drafted. To aid this, we reviewed the client's IT documentation to identify areas for improvements, including the implementation of data retention processes to identify the records of users, access rights, security policy and the audit trail. System audit Following our client’s acquisition of two large data centres, we were called in to perform a review of their IT controls and practices. We identified several weaknesses that were addressed in a four day audit, at the client's facilities. On completion, the clients' IT managers were happy with our findings. We are not currently performing any further work with them. Data security review We performed an independent audit of the client’s data security, as it was part of a public-private partnership which was set up to provide a high-speed communications network. This partnership would allow our client, the network operator, to generate income to meet their obligations to the private investors in the partnership. We identified a number of data security issues that needed to be addressed. The client has a data warehouse which is a central repository of information for many different areas of the business. This information includes credit card transactions for their clients, which includes their name, date of birth, home address and credit limit. As a result, this information needs to be protected. We made recommendations for areas where data security procedures could be improved, which included implementing effective password management and secure access control. I performed an assessment of the security of a client's internal infrastructure. To do this, I reviewed the current policies, and to ensure that they are up to date, and I performed a penetration test, which included a detailed analysis of the client's network infrastructure. Following this, I performed a review of the security procedures for the client's data and IT systems. I made recommendations for further improvements. IT security audit We performed an audit of a client's system, which generated their accounting information, to determine their level of data security. We recommended that they implement a new data backup policy, which they were very happy to accept. However, there was also a risk of the data being subject to a disaster recovery risk in the event that they lost their tape backups. This was something that our client was not comfortable with, and so we made recommendations to avoid this risk. This review was to identify the data security and risk management practices of a client and was carried out in accordance with the ISO27000 standard. This is considered to be a large investment for a client and a significant risk management exercise. It will help our client to avoid breaches, which will ensure their continued growth. System security audit This organisation was a large company with many different branches around the world. We were called in to audit the controls over a central database which held information on their international operations. It would have been possible for the files to be easily copied and distributed among the branches, which could have led to a major loss of client information. This is because there was no restriction on who could access the files. System security review Our client is a large international company that wanted an assessment of their business to ensure that they were operating in a secure environment. This was carried out by an external professional who reviewed their security processes and practices. The client had recently invested in a new web-based portal, which contained information that they would like kept secure. We did a review to identify any vulnerabilities and made recommendations to improve their security and also for the further implementation of their existing security processes. Security audit We performed a risk assessment on an e-commerce web site, and assessed the risk of customers' card details being compromised. We also carried out a penetration test on the site, to identify any weaknesses and recommended any changes that should be made to reduce the risk. We made a number of recommendations to our client. The recommendations included improvements to their firewall, the implementation of anti-virus software on the site and the improvement of their security procedures. Data security assessment Our client, a large international organisation, was concerned about the security of their customer data. They were under new ownership and management and needed to review the data security management processes that they had in place. We carried out an audit of their data security practices and found them to be ineffective in ensuring that the data was sufficiently protected from third parties and the business risk from a failure to do so. We advised on the type of controls that should be implemented to ensure that customer data was protected and gave recommendations on an improved methodology for reporting the loss or theft of data. Data security audit Our client was a large international energy company that needed to review their data security processes to ensure that they were up to date and adequately protected. We carried out a detailed security audit of their systems, to identify the level of security that they were providing to their data and procedures. We developed a detailed audit plan to ensure that we covered all the data that we needed to examine. This included a risk assessment, which identified the potential risks to our client. The audit took place over five days and found several areas of potential risk to our client. The audit identified a number of improvements which would improve the security of our client's data. These include