Working Security protects Data and Computer Networks

"Working Security is located in St. Louis, Missouri and provides CISO, Computer Forensics, Penetration Testing and other Computer Security services for commercial, government, and non-profit clients."

Meet Compliance and Assurance goals through: 

  • CISO On-Demand services,
  • Technology audit, risk assessment and mitigation services, 
  • Security testing to meet business partner or key customer requirements,
  • Pre-audit remediation for PCI, HIPAA, SSAE-16, FISMA, SOX.

Proactively Test I/T Security Infrastructure and Contingency Plans:

  • Our certified hackers find vulnerabilities before attackers do,
  • Scanning servers, workstations and mobile devices for security vulnerabilities,
  • Performing penetration tests on public web servers, firewalls, and VPNs,
  • Web and Mobile application testing including source code reviews,
  • Social Engineering tests validate Security Awareness Training,
  • Testing disaster recovery processes in table-top and live recovery exercises.

Respond to Suspected and Confirmed Cyber Security Incidents where:

  • Your website has been defaced,
  • An outside party has embedded aggressive malware or a virus that keeps coming back,
  • Network devices are exhibiting strange behavior and the source can't be found,
  • Legally defensible forensic examinations or investigations are required,
  • Insiders are suspected of violating policies and evidence is required before taking action.

We support your business, unbiased by a desire to sell hardware or software.   We help you balance I/T risk management with day-to-day I/T priorities, react to unplanned cyber-security events, and position yourself to minimize the potential impact of future incidents.

  • Risk Assessment in the Spotlight

Risk assessment for healthcare providers and business associates is again in the spotlight. The Department of Health and Human Services is gearing up for a new round of HIPAA audits. At this point they are surveying 1200 firms and will include business associates. The results of the survey will be hundreds of audits. Of continued interest in this round are risk assessments.

Why does risk assessment keep jumping to the front?   Any time we hear of a breach of personal information an investigation follows.   It's very rare that an organization has done nothing to secure data.   The problem is they've done the wrong things.

Risk Assessment is the missing first step in the process of establishing an effective Information Security program. It creates a prioritized roadmap for firms to address information security issues. In short, it tells an organization where to spend its time and money most effectively.

Too many organizations fall victim to product-based compliance schemes, thinking that purchasing specific software or hardware products will make them HIPAA compliant.

When risk assessment is cited as a shortfall, it's a good sign the organization was spending money on security, but wasn't making informed decisions.

The difference between demonstrating due diligence in securing information assets and not can sometimes be as simple as producing the results from an annual risk assessment.   

"We understood that risk, but didn't mitigate it as well as we could," is very different than saying "We never thought about that risk and instead thought our anti-virus would protect us."

Resulting costs can include millions of dollars and significant patient attrition.
