Consulting Solutions 
 
Home > Consulting Solutions > Information Risk Management & Security > Sample Engagements
 

Sample Engagements

  • Provided security consulting services to a large client to assess and baseline their security posture. The project involved an IT Risk Assessment and general controls inventory, internal and external penetration test, network topology review, compliance mapping (HIPAA, SOX, PCI, GLBA), physical security breach and social engineering exercises, end-point security assessment (~4,000 end points), data leakage assessment, an assessment of IT personnel supporting the environment, Vendor SLA assessment and remediation support. The scope of this engagement included over 80 contacts in more than 20 locations and resulted in several improvements to the environment, including a continuous Risk Assessment methodology, new support staff, renegotiated or terminated Vendor agreements, implementation of improved IT controls and security technologies and a refined IT Security Strategy.
  • Provided digital forensic services to an international client investigating allegations of employee misconduct and illegal activities. Accretive Solutions worked with client human resources and security personnel to define the scope and objectives of our review, and coordinate the acquisition and delivery of related data for forensic analysis. Our team of certified incident handlers and experienced forensic professionals traveled to client locations in order to acquire and analyze the necessary data.
  • Engaged by large hospital network to perform their annual penetration test. As one of three rotating vendors performing this assessment, Accretive Solutions was successful at finding exploitable vulnerabilities that were previously unreported. Our team worked with client IT personnel to remediate the critical vulnerability and ensure that sensitive data was no longer at risk.
  • Provided implementation and integration support to a client who recently purchased Cisco and Tripwire security products. The client felt the tools were being underutilized and could be better integrated with each other to satisfy security objectives. Accretive Solutions’ team worked with the client to a) understand their security monitoring, compliance and reporting needs; b) review the current implementation of their tools; c) determine if client personnel were adequately trained; and d) provide recommendations for staff training, reconfiguring the current tool set and integrating the current tools with open-source solutions to increase functionality while reducing cost.
  • Performed an energy company’s first SCADA security assessment to measure alignment with government standards. SCADA devices are used to monitor, alert and perform activities on gas pipelines (in this case). A member of Accretive Solutions’ security team, who participated in the development of the government standard (AGA 12) and worked with national SCADA laboratories, reviewed the configuration, communication and controls around the devices and their network. Assessment results helped the client address security and integrity risks, consolidate resources, develop formal controls and justify organizational change to ensure the SCADA systems were better managed.