Assessments
Web Site and Application Vulnerability Assessments and Penetration Tests
Independent vulnerability assessments of your Web sites or applications are a great way to uncover some of the greatest risks to your business. Whether it's an in-depth look at all of your Web-based server systems, a penetration test of a specific Web application, or a source code review, this assessment is beneficial for product marketing, regulatory and business partner contract compliance, and general improvement of the end product. Or, if your organization falls under the PCI Data Security Standard requirements, I can help you with your security assessments.
Using well-known and widely-accepted commercial tools such as HP's WebInspect as well as in-depth manual analysis, I will look at your Web site/application from the perspective of an untrusted outsider, a trusted insider, or both. I'll provide you with a detailed report* on exactly what you need to focus your efforts on to reduce your risks. I can also perform a remediation validation assessment and deliver a summary report outlining which of the initial assessment findings have been resolved, for you to share with your customers or business partners. Consider this type of testing if you're an organization with a Web presence; a software vendor or development firm looking to enhance your application or product positioning from an information security or compliance perspective; responsible for the security of in-house applications; or looking to evaluate third-party software before making an investment.
Network Vulnerability Assessments and Penetration Tests
Network vulnerability assessments are great for discovering technical weaknesses that exist in your computers, wireless systems, and overall network. Sometimes referred to as penetration tests or vulnerability assessments, I can tailor this type of testing based on exactly what you need. Using well-known and widely-accepted commercial tools such as QualysGuard as well as in-depth manual analysis, I will look at your external and/or internal systems from the perspective of an untrusted outsider, a trusted insider, or both. I'll provide you with a detailed report* on exactly what you need to focus your efforts on to reduce your risks. Consider this type of testing if you wish to determine where your systems are currently vulnerable, or wish to have periodic assessments (i.e. quarterly, bi-annually, etc.) to ensure no new vulnerabilities have cropped up and to help your organization meet the various regulatory requirements for ongoing security evaluations.
Information Risk Assessments, Compliance Gap Analyses, Pre-Audits
An information risk assessment, gap analysis, or pre-audit will help you determine where your business stands with regard to overall information risk and, perhaps, prepare for that formal audit from a regulatory body, business partner, or other third party. Be it HIPAA, HITECH, GLBA, PCI DSS or other regulatory requirements, or if you just want to get up to speed with the widely-accepted ISO/IEC 27002 (formerly 17799) information security framework so you can reduce business risks and manage your compliance initiatives more effectively, this type of assessment will do wonders. I will assess your organization's current information security systems and practices and identify gaps between them and your established set of policies, procedures, and standards and the ISO/IEC 27002 framework. If you don't have established security documentation, no worries. I'll help you put it all together. Consider this type of service if you want to find the operational security issues in your business in order to take your information security program to the next level, or if your organization is about to be audited and you need to get things cleaned up beforehand to help make things go more smoothly.
Incident Response and Security Breach Analysis
If you've recently been hacked or suspect some form of security breach (internal or external) has occurred, I can help you find the operational and technical security weaknesses that may have been exploited and consult with you on how you can improve your technical controls and/or IT operations to prevent future breaches from occurring. I don't do formal forensics analyses but, just as importantly, I can validate that what you're doing - or have done - to resolve the issues that led up to the breach is proper and reasonable in the context of information security.
*My security assessment reports typically include:
- Documentation on existing information security controls I find that support your organization's information security in a positive way
- A detailed report outlining all potential and exploitable vulnerabilities discovered ranked by priority
- Vulnerability scanner reports
- Screenshots and other findings uncovered during the manual assessment phase
- Organizational/business process risks ranked by priority
- Practical advice for addressing each vulnerability
- Timeline and mitigation resource recommendations
- Critical success factors to help with your overall information security strategy
- Security policy templates for revamping existing policies or creating new ones
Expert Witness
Expert Witness Consulting and Testimony
For legal matters related to computer and information security, regulatory compliance, or general IT governance, I can serve as your consulting expert and/or testifying expert.
My specific areas of knowledge include regulatory compliance (HIPAA, HITECH, GLBA, PCI DSS, and more), operating systems (Windows and NetWare), directory services (eDirectory and Active Directory), messaging systems (general email, Voice over IP, instant messaging, and peer-to-peer [P2P] file sharing systems), content filtering, security policies, remote access, mobile computing, laptop encryption, wireless network security, software security, identity theft, as well as hacking concepts, techniques, and tools. I can also perform peer reviews of security assessment reports, security audit reports, or forensics reports to help you and your client determine whether or not proper and reasonable steps were taken to minimize future information risks. I've got the expert witness experience, technical expertise, business knowledge, speaking skills, as well as industry respect and recognition to help you with your case or incident.
Speaking, Training, and Writing
Speaking Engagements
If you're putting together an IT or security-related show or conference and are looking to bring in a thought leader and well-known expert on information security and compliance, I can help. I've keynoted conferences for Hewlett-Packard, IDC, ISSA and others and speak on engaging and timely information security topics. I can deliver a keynote address, lead a seminar, or serve as a panelist on topics such as:
- Information security leadership
- Ethical hacking and security testing
- Mobile security
- Employee monitoring
- Identity theft
- Compliance
Please contact me to discuss these further, throw around some new ideas, and hear about my reasonable and competitive speaking fee. In the meantime, you can see what others are saying about my abilities as a professional speaker and seminar leader.
Information Security Webcasts and Podcasts
If you're a publisher, media-based organization or technology vendor and you're looking for a thought leader and well-known expert on information security and compliance to present a webcast/webinar or record a podcast, I can help. Please contact me to discuss this further and hear about my reasonable and competitive pricing. In the meantime, you can see what others are saying about my speaking abilities in past seminars and keynote presentations.
_____________________________________________
Please contact me and I can help you determine which information security service is best for your organization as well as provide client references and testimonials, specific pricing for your needs, and even presentation/seminar outlines or sample assessment reports so you'll know what you'll be investing in. See what my clients are saying about me.