Every engagement is unique. We customize our audit services to your specific needs.
Real-world engagements demonstrating our expertise across network security, compliance, and risk assessment.
A mid-size telephone company with many entities was concerned about network security risks.
A mid-size telephone company with many entities was concerned about network security. Management wanted an internal and external network security audit of each entity.
Altius IT provided a 50 point, 360 degree view of risks. Our services included an evaluation of:
Altius IT's analysis included a comparison of the organization with security best practices to identify gaps. Altius IT provided a report of findings as well as recommendations, costs, and a prioritized risk response executive summary Action Plan.
Altius IT's network security audit documented several areas that placed the organization at risk to both internal and external threats. The prioritized Action Plan helped the telephone company increase security and protect its information assets.
A large county needed assurance that its sensitive information was protected against hackers and other threats.
A county needed assurance that its sensitive information was protected against hackers and other Internet threats. County management was concerned about compliance related issues and wanted assurance its systems were protected against external threats.
Altius IT provided an External Network Security Audit. Our services included a variety of hacker type tools and techniques that identified and evaluated the county's external risks:
Altius IT compared the county with industry benchmarks and determined the type of security infrastructure in place. We tailored our attacks to take advantage of gaps.
Altius IT provided an External Network Security Audit Report, a Risk Assessment Report, and a prioritized Action Plan Report of security related recommendations.
Altius IT's external network security audit documented several areas that placed the organization at risk to external threats. The prioritized Action Plan helped the organization increase security while increasing protection of its information assets.
A software developer was notified its application was not secure. A client of the software developer requested a web application security audit.
A software developer provided on-line marketing solutions including web design, content management, and e-commerce solutions. The software developer was notified by a third party that its software was not secure. When negative publicity appeared in the media, clients and prospects became concerned and revenue declined. The software developer's President wanted assurance that its code, with interfaces to internal database systems, was secure and protected from threats.
Emulating the approach used by hackers, Altius IT used a variety of manual and automated tools to perform a controlled real-life attack on the organization's web application and web server for vulnerabilities. Altius IT evaluated the application for over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow, authentication, encryption, JavaScript, and many others. Altius IT provided a Web Application Security Audit Report with our findings, an analysis of vulnerabilities, and solutions to enhance security.
Altius IT's web application security audit identified several areas that placed the organization at risk to hackers and other external threats. With Altius IT's report, the organization eliminated software bugs and enhanced security by implementing changes to their code and procedures. As a Certified Information Systems Auditor, Altius IT provided a follow-up web application security audit and verified that the security issues identified in the first audit had been addressed. Altius IT provided the software developer with our Auditor Opinion Letter that the client distributed to their prospects and clients. The organization's enhanced image and reputation helped it increase revenue both by retaining current customers and by converting new prospects into clients.
A large regional hospital needed assurance that health information was protected against unauthorized access. Meet HIPAA and HITECH compliance requirements.
A large regional hospital needed assurance that health information was protected against unauthorized access. The hospital needed to meet HIPAA and HITECH compliance requirements.
Altius IT provided a HIPAA / HITECH Compliance and Security Audit. Altius IT evaluated the hospital's security controls including:
Altius IT's reports documented several areas that placed the organization at risk to compliance and network related threats. Altius IT's Action Plan Report provided a prioritized risk response plan for the hospital with ways to enhance security, ensure protection of its information assets, and meet compliance requirements.
Altius IT's compliance audit enhanced the hospital's security controls. Management has assurance that systems and data are secure. EPHI is protected from unauthorized access and alteration.
A mid-size medical product manufacturer was concerned about the security of a new device. A risk assessment was needed to address concerns about patient confidentiality and the integrity of the product.
A mid-size medical product manufacturer was concerned about the security of a new device. The organization was concerned about patient confidentiality and the integrity of the product.
Altius IT's Risk Assessment inventoried relevant assets and organized the assets into asset categories. We identified specific threats and threat categories and documented vulnerabilities that existed as a result of the threats. Our Risk Analysis evaluated risks and the likelihood of various threat exploits. We identified security gaps that could be exploited by insider and outsider attacks. Altius IT's Risk Treatment Plan analyzed and documented risk reduction and risk treatment safeguards and controls for each vulnerability. Altius IT's Risk Task List identified preventive, detective, and corrective controls that eliminated or reduced risks to acceptable levels. Residual risks, risks that existed after controls were implemented, were identified, and prioritized so they could be monitored.
Altius IT's risk assessment documented several product related threats that placed the organization at risk to both internal and external threats. The medical device manufacturer achieved the following benefits:
A marketing company needed assurance that a newly developed mobile application was secure. A mobile application security audit was needed to address concerns about the security of the software application.
A marketing company developed a mobile software application for a large international client. Management at the marketing company was concerned about the security of the mobile application.
Altius IT provided a "hands on" security audit of the mobile application. We evaluated security risks related to:
Altius IT's Mobile Application Security Audit Report documented security risks and provided recommendations to enhance security.
Altius IT's mobile application security audit documented recommended changes to enhance security of the mobile application and server environment. The marketing company and the large international client had the peace of mind knowing that the mobile application kept information secure from intruders.
A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.
A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.
Altius IT provided a social engineering security assessment. Emulating the approach used by hackers, we manually performed a controlled real-life attack on the bank's staff and measured their response and actions to fake e-mail messages and false web sites. We benchmarked the bank against industry averages and provided the bank with ten recommendations to reduce their risks to social engineering attacks. Altius IT's social engineering security assessment documented weaknesses in the bank's security education training and awareness programs.
Altius IT's social engineering security assessment helped the bank formalize its security education and awareness training program and supplemented it with frequent reminders to employees, temporary staff, and contractors. Customer satisfaction was increased as a result of the increase in security awareness.
A mid-size telephone company with many entities was concerned about network security risks.
A mid-size telephone company with many entities was concerned about network security. Management wanted an internal and external network security audit of each entity.
Altius IT provided a 50 point, 360 degree view of risks. Our services included an evaluation of:
Altius IT's network security audit documented several areas that placed the organization at risk to both internal and external threats. The prioritized Action Plan helped the telephone company increase security and protect its information assets.
A large county needed assurance that its sensitive information was protected against hackers and other threats.
A county needed assurance that its sensitive information was protected against hackers and other Internet threats. County management was concerned about compliance related issues and wanted assurance its systems were protected against external threats.
Altius IT provided an External Network Security Audit using hacker type tools and techniques:
Altius IT's external network security audit documented several areas that placed the organization at risk to external threats. The prioritized Action Plan helped the organization increase security.
A software developer was notified its application was not secure.
When negative publicity appeared in the media, clients and prospects became concerned and revenue declined. The President wanted assurance that its code was secure and protected from threats.
Controlled real-life attack evaluating the application for over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow, authentication, encryption, and JavaScript.
Eliminated software bugs and enhanced security. Provided Auditor Opinion Letter. The organization's enhanced reputation helped increase revenue.
A large regional hospital needed HIPAA and HITECH compliance.
A large regional hospital needed assurance that health information was protected against unauthorized access and needed to meet HIPAA and HITECH compliance requirements.
HIPAA/HITECH Compliance and Security Audit evaluating:
Enhanced security controls. EPHI protected from unauthorized access and alteration.
A mid-size medical product manufacturer concerned about device security.
Concerned about patient confidentiality and the integrity of the product.
Comprehensive risk assessment including:
Achieved Security, Continuity, Alerts, Redundancy, and Sociability for the product.
A marketing company needed mobile app security assurance for a large international client.
A marketing company developed a mobile software application for a large international client and was concerned about the security of the mobile application.
Evaluated security risks related to:
Documented recommended changes to enhance security. Peace of mind knowing the mobile application kept information secure.
A mid-size bank worried about social engineering attacks on its staff.
Concerned about maintaining customer confidence and meeting compliance requirements.
Controlled real-life attack with fake e-mail messages and false web sites. Benchmarked against industry averages. Provided ten recommendations to reduce risks to social engineering attacks.
Formalized security education and awareness training program. Customer satisfaction increased as a result of increased security awareness.
Schedule a free consultation with our CISA-certified auditors. We will help you choose the right audit for your organization and provide a clear path to stronger security.