Case Studies
PCI Compliance
At SecureState, we've developed our approach to align our recommendations with business needs in an effort to generate the highest Return on Security Investment.
» Download Case Study
Compliant vs. Secure
Compliance has received a lot of focus and fire from both technical and management professionals. In the federal sector, FISMA was originally viewed as a major step forward for security when it was implemented in 2002. Shortly after implementation, it came to be viewed as a paper exercise and was implemented only because compliance was mandated. It is important for organizations and assessors to recognize compliance as a directional sign toward a secure implementation. It does not provide the exact path; it is more like a sign pointing in the right direction in the middle of the woods.
» Download Case Study
PCI Guidelines
As a participant in the SIG, SecureState is well positioned to assist clients in maintaining compliance with the least impact. In SecureState's preliminary analysis of existing clients, 97% of those who have a compliant risk assessment would not be compliant under the guidance.
» Download Case Study
Phishing
More and more, companies are starting to enact various forms of employee security awareness training. They are starting to recognize the value in attempting to secure their people as well as their networks. One company that recently came to SecureState had been pouring significant budget into its training program. However, the Director of Security who administered the programs had started to be challenged by upper management to justify the amount of money being spent.
» Download Case Study
iRisk
Aligning your security program with security risk management shouldn't be overwhelming. The iRisk Case Study will show you how to align your security efforts with your overall strategy to manage security risk.
» Download Case Study
Data Discovery
The Director of Operations for a large university was instructed by executive management to investigate whether PCI or PII data was currently being stored or transmitted on externally-facing systems. Although the client fully expected minimal findings, they wanted a third party to validate their recent scan results and ensure that the data controls which had been rigorously implemented inside the university's enterprise were also extended to their external systems. The client's presumption of security around sensitive data was based primarily on adherence to standards, Minimum Security Baselines (MSBs), and corporate security policies, all of which properly addressed risks and countermeasures for sensitive data and were being followed by the university. Therefore, the university anticipated that the third party would validate its recent data discovery scans and conclude that externally-facing systems posed little risk to sensitive data.
» Download Case Study
Moving IT to the Cloud
The Director of IT for a large-scale retailer was instructed by executive management to investigate moving as many IT services as possible to the Cloud. Management was enticed by the promise of agility and lower resource costs from moving infrastructure, applications, and data to third-party Cloud service providers. However, the Director of IT had concerns about security and was unsure how to transition. He wanted to first fully understand the security implications of the decision.
» Download Case Study
Firewall Ruleset Review Looks at Segmentation between Networks in Supermarket Chain
This case study about a supermarket chain demonstrates the importance of network segmentation and of using a Firewall Ruleset Review to verify that segmentation. Specifically, SecureState helped the chain assess how well its wireless-enabled embedded devices were segmented from its corporate network.
» Download Case Study
Forensic Expertise Reveals Storage of Track Data
This is a case study about a software company that develops payment applications that must meet a specific set of requirements outlined in the Payment Application Data Security Standard (PA-DSS). The client's challenge involved determining what type of expertise the PA-QSA performing the assessment possesses.
» Download Case Study
Corporate Resiliency Begins with Planning and Preparation
This case study about a large financial institution demonstrates the proper way to set up policies and procedures for disposing of sensitive information in a secure fashion. SecureState was brought in to determine where the weaknesses were and how they needed to be corrected in order to meet the proper standards.
» Download Case Study
External PenTesting and Corporate Resiliency
This is a case study of three companies that had External Penetration Assessments performed. This document details how SecureState broke into the organizations and what recommendations SecureState provided to the clients, including the often understated necessity and importance of having a corporate resiliency program in place.
» Download Case Study
Beyond the Privacy Policy
A multinational company that was not currently EU-US Safe Harbor certified elected to undergo a Privacy Gap Assessment to determine both its current compliance with Safe Harbor and the next steps in achieving a more secure environment.
» Download Case Study
Lack of Preparation leads to Malware Infestation
This is a case study of a polymer company that was severely deficient in minimum security baselines and incident response preparation; these deficiencies led to a malware infestation that proved difficult to remove.
» Download Case Study
Lack of Incident Response-Event Correlation
This is a case study of an energy company. SecureState was brought in to perform multiple assessments but quickly discovered that the biggest flaw was the lack of incident response and event correlation.
» Download Case Study
Internal Penetration Assessment Discovers PCI Application Flaws
In this study, a university was undergoing a Report on Compliance (RoC) and needed an internal penetration assessment performed to verify compliance. SecureState identified a flaw in a third-party vendor's application that led to sensitive information being left unencrypted.
» Download Case Study
Incident Response reveals previous intrusion
This is a case study of a vet clinic. The clinic noticed a breach after coming in on a Monday and finding multiple critical programs deleted. SecureState was brought in to determine what had been breached, how it occurred, and when it occurred.
» Download Case Study
HIPAA: Ripping Off the Bandage
This is a case study of a large regional hospital that wanted to understand its HIPAA security gaps and obtain technical validation of the deficiencies in its security management program.
» Download Case Study
Physical Penetration Test: It Was A Cold Dark Night
SecureState was successful in breaching the client's property and building during a physical penetration test. The company was at extreme risk when it came to loss of confidentiality, integrity, and availability of systems and information.
» Download Case Study
PCI Gap Analysis Reveals Poor Contract Management
In January 2010, the merchant bank for a very large realty firm requested that the organization show compliance with the PCI standard by September 30, 2010. Never having had to be PCI compliant before, the Level 2 realty corporation contracted SecureState to perform a PCI Gap Analysis to help it identify gaps and become PCI compliant.
» Download Case Study
Restaurant Chain: PCI Gap Analysis, Remediation and Forensics Investigation
In September of 2007, the Secret Service showed up at the door of a restaurant chain and reported that a number of the chain's customers were reporting the same types of fraudulent charges on their credit cards.
» Download Case Study
Virtual Website Hosting Internal and Wireless Penetration Test
After decades of continuous growth and profit, the company contracted SecureState to review the external security around the websites of its new acquisitions.
» Download Case Study
Grocery Store Internal and Wireless Penetration Test
After the Hannaford grocery chain suffered a breach, management at another large grocery chain approached their security department and posed the question "Could it happen here?"
» Download Case Study
Financial Organization 3rd Party Software Case Study
SecureState performed an external attack and penetration assessment for a top United States bank. This assessment simulated an attacker attempting to gain access to the bank's resources across the Internet.
» Download Case Study
Casino Case Study
Never having tested the logical (IT) security of its organization, a casino contracted SecureState to perform internal and wireless penetration tests.
» Download Case Study
Breaking The Bank
This paper is a case study of a Midwestern bank that requested an assessment of its physical security via penetration testing, including secondary information gathering and testing of the vulnerabilities found.
» Download Case Study