The Green Sheet Online Edition
January 25, 2016 • Issue 16:01:02
Holistic approach to cybersecurity
Redhawk Network Security LLC, a network engineering and information security firm established in 2001, designed a suite of onsite, remote and online services for businesses. Services include information security assessment, managed security services, security software-as-a-service, security consulting, network monitoring and management, network implementation, and network storage.
The company works closely with clients' IT staff to understand and identify organizational risks. Risks and controls are evaluated based on information security best practices defined in ISO/IEC 27001 and ISO/IEC 27002 specifications, along with guidance from the National Institute of Standards and Technology. Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) and related security standards is evaluated by the PCI Security Standards Council (PCI SSC). These standards provide the framework to ensure the safe handling of cardholder information.
Redhawk noted that its security analysts review all system assets within scope at client locations. Every aspect of a security program is evaluated, from network architecture, hardware and software configurations to policies and procedures. This hands-on approach employs software tools, manual analysis, interviews and personal observations to determine the program's overall effectiveness. A cloud portal provides detailed, easy-to-understand assessment reports along with tools for documenting remediation progress and managing vulnerabilities. Recommendations for remediation are provided for all vulnerabilities found.
After the review process, a comprehensive report provides documentation with recommendations to assure the client is following accepted industry best practices for maintaining information security. "Over the past few years we have seen progress in PCI compliance requirements, but we continue to see outdated assessment methods in numerous business sectors, including financial services, healthcare and government, that fail to provide merchants with a clear remediation path," said David Lindemann, Redhawk Vice President of Technology and Products. "Redhawk Network Security addresses this trend by providing our customers with next-generation security assessment services."
Next generation security assessment services
Beyond initial penetration testing and security assessment, maintaining a secure network requires ongoing due diligence and monitoring to mitigate vulnerabilities. Redhawk stated it offers a variety of services and products focused on security, including:
Redhawk security assessors have Qualified Security Assessor and Certified Information Systems Security Professional certifications and maintain the company's portal tools in conformance with PCI SSC assessment controls and specific acquirer compliance requirements. "The two most critical components in performing any type of PCI assessment is an accurately scoped cardholder data environment and a clear understanding of the acquirer's compliance requirements," Lindemann said. "While we do approach PCI compliance from a focused perspective, we are always looking to improve the industry standard and provide feedback to agencies and ISOs," he added.