Information Risk Management & Security
Security is an insatiable inherent risk, not only because technology continues to change, but because your business, your people, and your strategy are changing too. Keeping up with security trends, risks, and technology is more than a full-time job. We have the experience and expertise to assist you with assessing, strategizing and implementing a security and risk framework that "makes sense" for your business, and prevents you from falling behind.
Accretive Solutions' team of experienced security professionals maintains certifications that include various Microsoft, SANS, Novell, Checkpoint and Cisco certifications along with CISM, CISSP and Certified Ethical Hacker certifications. Our professionals average over 10 years of experience in Information Risk Management and Security, Digital Forensics, Incident Response, and Information Risk Management and Security consulting.
Our Information Risk Management and Security service offerings include:
Information Security Program Design & Assessments
Accretive Solutions can support your strategic security, compliance and risk management objectives by assisting you in the development of your company’s Information Security Strategy, as well as information security policy, procedures, guidelines, and configuration standards. We assess your security program against industry best practices including but not limited to ISO 27001, ISO 27002 and COBIT.
Outsourced Security and Compliance Program Office
With many demands on your time and limited resources, how do you assure that your information is secure? Hiring and maintaining certifications for a full-time security staff is expensive and time-consuming. As an alternative, Accretive Solutions can provide you with on-site and virtual resources to give you a part-time security team that will meet your information security needs faster and at a lower cost.
Customized Security Awareness Program
Your people are your greatest assets, yet they can also be your greatest risk. As the old adage goes, “Security is everyone’s responsibility”. This still holds true today: do all your employees know and understand their security responsibilities, and are they held accountable for them? Accretive Solutions can provide you with a custom security awareness program that is delivered to your employees in a multitude of media including iPhones and iPads. We provide you with a custom ongoing awareness program, not just a program that you execute on an annual basis.
Payment Card Industry (PCI) Compliance
Certified by PCI SSC as a Quality Security Assessor (“QSA”) and an Approved Scanning Vendor (ASV), Accretive Solutions helps all levels of merchants and service providers with the following:
- PCI Readiness Assessments (Level 2, 3 and 4 Merchants and Service Providers)
- Implementation and Remediation Activities
- Annual PCI-DSS Onsite Assessment Report on Compliance (“ROC”)
- Annual PCI-DSS Self Assessment Questionnaire (“SAQ”)
Validation Vulnerability and Penetration Assessments
A vulnerability assessment represents a detailed technical vulnerability analysis of a client's internal and/or external networks, systems, and applications. Penetration assessments are used to simulate techniques and attacks used by hackers to attempt to gain access to clients’ networks and data. This is also referred to as "ethical hacking". Accretive Solutions' security methodology simulates a true attacker perspective related to an organization's security posture and the extent to which vulnerabilities can be exploited. We perform both “White Box” and “Black Box” testing.
Physical Security & Social Engineering
Physical Security and Social Engineering are used to assess the ingress security of your facilities and sensitive areas within your facilities. Accretive Solutions' personnel will utilize non-destructive techniques to attempt ingress access to secure facilities and/or secure areas within your facility and collect trophies as evidence of the successful breach.
Disaster Recovery Planning/Business Continuity
We help organizations develop Disaster Recovery and Business Continuity plans that allow you to continue your key business functions when you are not able to operate in your primary location. Our methodology is a proven multi-step process based on business continuity best practices.
Digital Forensics is the "art" of acquiring, restoring, and assessing data and information that previously existed on computer hardware and/or related software. Incident Response services encompass the identification and analysis of evidence related to hacking attempts, fraud, embezzlement, misconduct, etc., as well as forensic evidence collection/retention utilizing formal evidence handling and chain of custody procedures. Additionally, our Digital Forensic tools can perform declassification of digital media.