My information security service offerings consist of the following:
Web Site/Application Security Assessments
Independent vulnerability assessments of your Web sites or applications are a great way to uncover some of the greatest risks to your business. Whether it's an in-depth look at all of your Web-based server systems, a penetration test of a specific Web application, or a source code review, this assessment is beneficial for product marketing, regulatory and business partner contract compliance, and general improvement of the end product. Or, if your organization falls under PCI Data Security Standard Requirement 6.6, well, I specialize in application security and can help you with your independent security assessment.
Using HP's WebInspect (or other tools depending on your budget), I will look at your Web site/application from the perspective of an untrusted outsider, a trusted insider, or both. I can even perform a validation assessment and generate a summary report outlining which of the initial assessment findings have been resolved, for you to share with your customers or business partners. Consider this type of testing if you're a software vendor or development firm looking to enhance your application or product positioning from an information security or compliance perspective, someone responsible for the security of in-house applications, or an end user looking to evaluate third-party software before making an investment.
Network Vulnerability Assessments and Penetration Tests
Network vulnerability assessments are great for discovering technical weaknesses that exist in your computers and overall network. Whether you call it a penetration test or a vulnerability assessment, I can tailor this type of testing to exactly what you need. I will look at your systems from the perspective of an untrusted outsider, a trusted insider, or both. Consider this type of testing if you wish to determine where your systems are currently vulnerable, or if you wish to have periodic assessments (i.e. quarterly, bi-annually, etc.) to ensure no new vulnerabilities have cropped up and to help your organization meet the various regulatory requirements for ongoing security evaluations.
Expert Witness Services
For legal matters related to information security, regulatory compliance, or general IT governance, I can serve as your consulting expert and/or testifying expert. Regardless of which side of the case you're on, if you need help proving or disproving that adequate information security controls and practices were in place before/during/after an incident, I can help.
My specific areas of knowledge include regulatory compliance (HIPAA, GLBA, PCI DSS, and more), operating systems (Windows and NetWare), directory services (eDirectory and Active Directory), messaging systems (general email and GroupWise, Voice over IP, instant messaging, and peer to peer file sharing systems), remote access, mobile computing, laptop encryption, wireless networks, software security, identity theft, as well as hacking concepts, techniques, and tools. I've got the technical expertise, business knowledge, speaking skills, expert witness experience, as well as industry respect and recognition to help you with your case.
Keynote Speaking Engagements
If you're putting together an IT or security-related seminar or conference and are looking to bring in a thought leader and well-known expert on computer and information security or regulatory compliance, I can help. I've keynoted conferences for Hewlett-Packard, IDC, and others and speak on engaging and timely information security topics. Speaking topics include security management, compliance and IT governance, hacking, careers, and more. Please contact me to discuss this further and hear about my reasonable and competitive speaking fee. In the meantime, see what others are saying about my speaking abilities.
Security and Compliance Pre-Audits or Gap Analyses
Security and compliance pre-audits or gap analyses are helpful when you're preparing for that formal audit from a regulatory body, business partner, or other third party. They are also useful if you just want to get up to speed with the widely accepted ISO/IEC 27002 (formerly 17799) information security framework so you can reduce business risks and manage your compliance initiatives more effectively. These pre-audits or gap analyses are intended to assess your organization's current information security systems and practices and identify gaps between them and your established set of policies, procedures, and standards and the ISO/IEC 27002 framework. Consider this type of service if you want to take your information security program to the next level, or if your organization is about to be audited and you need to get things in order beforehand to help make things go more smoothly.
Please contact me and I can help you determine which information security assessment service is best for your organization, as well as provide client references and testimonials, specific pricing for your needs, and a sample security assessment report so you'll know what you'll be investing in. See what my clients are saying about me.
_____________________________________________
The deliverables for my security assessment offerings include:
- Documentation on existing information security controls I find that support your organization's information security in a positive way
- A detailed report outlining all potential and exploitable vulnerabilities discovered ranked by priority
- Organizational/business process risks ranked by priority
- Practical advice for addressing each item
- Timeline and mitigation resource recommendations
- Critical success factors to help with your overall information security strategy
- Security policy templates for revamping existing policies or creating new ones
- Screenshots and applicable testing tool results in their native formats