Case Studies
Firewall Ruleset Review Looks at Segmentation between
Networks in Supermarket Chain
This case study about a supermarket store chain
demonstrates the importance of segmentation and utilizing a
Firewall Ruleset Review to verify the segmentation.
Specifically, SecureState helped the store chain assess how
well segmentation of its wireless-enabled embedded devices
from its corporate network was done.
» Download Case Study
Forensic Expertise Reveals Storage of Track Data
This is a case study about a software company that
develops payment applications that must meet a specific set
of requirements outlined in the Payment Application Data
Security Standard (PA-DSS). The client challenge involves
determining what type of expertise the PA-QSA that performs
the assessment possesses.
»
Download Case Study
Corporate Resiliency Begins with Planning and
Preparation
This case study about a large financial institution
demonstrates the proper way to set up policies and
procedures pertaining to disposing of sensitive information
in a secure fashion. SecureState was brought in to determine
where the weaknesses are, and how they need to be corrected
in order to meet the proper standards.
»
Download Case Study
External PenTesting and Corporate Resiliency
This is a case study of three companies that had External
Penetration Assessments performed. This document will detail
how SecureState broke into the organizations and what
recommendations SecureState provided to the clients -
including the often understated necessity and importance of
having a corporate resiliency program in place.
»
Download Case Study
Beyond the Privacy Policy
A multinational company that is not currently EU-US Safe
Harbor certified elected to undergo a Privacy Gap Assessment
to determine both current compliance with Safe Harbor and
the next steps in achieving a more secure environment.
»
Download Case Study
Lack of Preparation leads to Malware Infestation
This is a case study of a polymer company that was
severely deficient in minimum security baselines and
incident response preparation, as such these deficiencies
led to a malware infestation that proved difficult to
remove.
»
Download Case Study
Lack of Incident Response-Event Correlation
This is a case study of an energy company, SecureState
was brought in to perform multiple assessments but quickly
discovered the biggest flaw was the lack of incident
response and event correlation.
»
Download Case Study
Internal Penetration Assessment Discovers PCI
Application Flaws
In this study, a university was receiving a Return on
Compliance (RoC) and needed an internal penetration
assessment performed to verify compliance. SecureState
determined a flaw in a third party vendor that led to
unencrypted sensitive information.
»
Download Case Study
Incident Response reveals previous intrusion
This is a case study of a vet clinic, the vet clinic
noticed a breach after coming in on Monday and finding
multiple critical software and programs deleted. SecureState
was brought in to determine the breach, how it occurred and
when it occurred.
»
Download Case Study
HIPAA: Ripping Off the Bandage
This is a case study of a large regional hospital that
wanted to understand their HIPAA security gaps and obtain
technical validation of the deficiencies in their security
management program.
»
Download Case Study
Physical Penetration Test: It Was A Cold Dark Night
SecureState was successful in breaching the clients'
property and building during a physical penetration test.
The company was at extreme risk when it came to loss of
confidentiality, integrity, and availability of systems and
information.
»
Download Case Study
PCI Gap Analysis Reveals Poor Contract Management
In January 2010, the merchant bank for a very large
realty firm requested the organization show compliance with
the PCI standard by September 30, 2010. Never having to be
PCI compliant before, the Level 2 realty corporation
contracted SecureState to perform a PCI Gap Analysis to help
them identify gaps and become PCI compliant.
»
Download Case Study
Restaurant Chain-PCI Gap Analysis, Remediation and
Forensics Investigation
In September of 2007, the Secret Service showed up at the
door of a restaurant chain and reported to them that a
number of their customers were reporting the same types of
fraudulent charges on their credit cards.
»
Download Case Study
Virtual Website Hosting Internal and Wireless
Penetration Test
After decades of continuous growth and profit, the
company contracted SecureState to review the external
security around the websites of new acquisitions.
»
Download Case Study
Grocery Store Internal and Wireless Penetration Test
After the Hannaford grocery chain suffered a breach, the
management at another large grocery chain approached their
security department and posed the question "Could it happen
here?"
»
Download Case Study
Financial Organization 3rd Party Software Case Study
SecureState performed an external attack and penetration
for a top United States bank. This assessment simulated an
attacker attempting to gain access to the bank's resources
across the Internet.
»
Download Case Study
Casino Case Study
Never having tested the logical (IT) security of their
organization, a Casino contracted SecureState to perform
internal and wireless penetration tests.
»
Download Case Study
Breaking The Bank
This paper is a case study of a Midwestern bank that
requested to have its physical security assessed via
penetration testing including secondary information
gathering and testing the resulting vulnerabilities found.
»
Download Case Study