Commercial Services

Carson Associates' independent IT security assessment or audit will provide you with the knowledge to keep your information secure. Carson Associates' experienced staff uses proven methods to identify vulnerabilities in your systems and helps you keep your company compliant with industry regulations such as PCI, HIPAA/HITECH and GLBA. And, if you store any government data, we can make sure your systems meet government (NIST) compliance standards.

Key Security Assessment Services

  • Vulnerability scanning
  • Penetration testing
  • Web application testing
  • Social engineering
  • IT security gap analysis
  • PCI compliance

Our Staff

The Carson team members are security professionals known for their many years of hands-on information security experience, as well as their commitment to being available to respond effectively to security-related issues and questions. They hold degrees and certifications including CISSP and LPT, and are PCI Qualified Service Assessors (QSA).

Our Experience

For more than 20 years, Carson Associates has helped organizations achieve their goals by conducting independent security assessments and audits; performing vulnerability assessments and penetration testing; developing security policies and procedures; implementing security programs; developing and providing security training; and overseeing security operations.

Sound Technical Approach – Our team applies a life cycle approach to structuring information security programs, ensuring that your organization’s most critical data is protected and safeguarding its confidentiality, integrity, and availability. The technical solution we offer has been vetted over many successful engagements and couples best-of-breed methodologies, technologies, and security experts to bring a holistic view to an organization’s security program.

Proven Management Approach – Carson Associates employs a proven, repeatable management approach to ensure we deliver quality products that meet our customers’ needs on time and within budget. Our approach is based on the Project Management Body of Knowledge (PMBOK) as an industry best practice to track each company project from inception to delivery. We use a matrix management approach to ensure we have the right people, with the right skills, at the right time to successfully accomplish project requirements. We use project management tools such as Microsoft Project to help guide our team throughout project performance.

Case Studies

  • Congressional Bank
  • ABT
  • S-3
  • Harford
  • Encore
  • RDS
  • SAINT

Congressional Bank – Carson Associates performed a security assessment to evaluate the security posture of Congressional Bank’s LAN and outward-facing IT resources. The security assessment included a vulnerability assessment scan and an internal and external penetration test of Congressional Bank’s IT resources. These activities confirmed the state of Congressional Bank’s security and were used as a security attestation artifact for their annual audit.


ABT Associates – On behalf of ABT Associates, Carson Associates performed a system security assessment for one of their federal customers. The security assessment included a system boundary analysis, system security categorization, security control assessment/testing, risk assessment, and the development of a system security plan, security assessment report, and Plan of Action & Milestones (POA&M).

Additionally, on behalf of ABT Associates, the Carson team performed a gap analysis for an ABT customer to determine if FISMA-required security controls were effectively implemented. The task also included the development of a system security plan, POA&M, and recommendations on how to resolve any gaps in security controls that were not fully implemented.


S-3 – Social & Scientific Systems (SSS) requested that Carson Associates perform a gap analysis of their security program, including a review of current security policies and procedures and how they compared to FISMA requirements and the HIPAA Security Rule. The gap analysis took a critical look at the technical controls and safeguards implemented within the SSS corporate environment to assess their compliance with FISMA and the HIPAA Security Rule. In support of the gap analysis, we also performed a vulnerability scan using SAINT®.


Harford Mutual – Carson Associates performed a vulnerability assessment and an external penetration test of Harford Mutual’s external networks and web applications. In addition, Carson Associates conducted a security infrastructure review of network components, entailing an automated assessment of internal server operating system configurations and enterprise architecture components. Detailed mitigation activities were provided, and a follow-up assessment was conducted the following year.


Encore Marketing International – Carson Associates provided technical advisory services to Encore to ensure that its “Data at Rest” encryption project infrastructure and upgrades were in compliance with PCI. Advisory services included conducting a mainframe PCI security standards assessment. Carson Associates provided vulnerability mitigation recommendations and verified the effectiveness of the mitigation actions taken. In addition to mainframe activities, recommendations for infrastructure segmentation to limit the footprint of credit card data within the enterprise were provided.


Retail Data Systems (RDS) – Carson Associates performed a PCI DSS gap analysis of a point-of-sale solution being proposed by RDS to the Dairy Queen Operators Association. The team travelled to Minnesota to perform testing at a representative Dairy Queen location and at RDS offices, compared PCI DSS requirements with the controls implemented by the point-of-sale solution to identify any gaps in compliance, prepared a detailed gap analysis document in a format similar to a report on compliance, and provided RDS with recommendations to correct the gaps identified during the evaluation.


SAINT Corporation – As a strategic partner and subcontractor, Carson Associates has provided IT security services to SAINT Corporation’s commercial customers for many years. These services have included internal and external penetration testing, vulnerability assessments, web application assessments, incident investigations, and social engineering assessments.