Security and Privacy

How hip are your people at information security and incidence response?

-- Mark Seiden
Senior Consultant
Cutter Consortium

Get security and privacy advice from Cutter's experts.

Steven I. Cooper

Andrew Fried

Scott Hastings

Rebecca Herold

Mark Seiden

Security Architecture and Design

From the design and development of individual applications to enterprise network architecture, our approach is to make security an integral part of the finished product, ensure it is cost-effective and acceptable to your employees, and that it differentiates your products from those of your competition. We can provide services ranging from a brief design review to expose any problems with technology, implementability, scalability, and manageability to the in-depth design of secure web-to-database integration projects, authentication and access control systems. Services include applied cryptography; wired and wireless data and telephony networks; and Internet services including e-mail, DNS, Web, FTP, firewall and VPNs.

Security and Privacy Policies, Procedures, Standards and Guidelines

For more than 16 years, Cutter Senior Consultant Rebecca Herold has created security and privacy policies, procedures, standards and guidelines. She has created such documents for organizations of all sizes and within a range of industries throughout the world. Rebecca Herold can create these documents for your organization, based upon the proven foundations of standards such as ISO 27002, NIST, COBIT, and the OECD privacy principles, and customizing them to fit your particular environment.

Third-Party Security and Privacy Program Reviews

Third-party reviews of business partner, vendor, and/or outsourced services provider information security and privacy program reviews are necessary for organizations that must demonstrate due diligence - not only for government regulators, but also for their customers and board members. For these organizations, it is critical to know that the organizations to whom they have entrusted their data handling and processing functions have sound and effective information security and privacy programs. Using a comprehensive methodology based upon a combination of ISO 27002 and the OECD privacy principles, Cutter Consortium Senior Consultant Rebecca Herold makes these reviews as efficient, comprehensive, and repeatable as possible.

Information Security and Privacy Training and Awareness

There are a multitude of data protection regulations and laws with training and awareness requirements, and it is important organizations provide effective education that fits their unique organization requirements. Cutter Consortium Senior Consultant Rebecca Herold can create, based upon proven and sound education concepts, a customized information security, privacy and compliance education program for your organization. The program Ms. Herold will create for your organization is not only designed solely upon your specific security and privacy concerns, but takes into account the learners needs of those in your organization: their expectations, learning styles, time commitments, job responsibilities, learning levels and objectives. In addition, Ms. Herold can provide content for your organization's ongoing awareness activities to effectively communicate the information security, privacy and/or compliance issues.

Security Risk Assessment and Review

Do you know what you're up against? Cutter Consortium is available for risk assessments, network assessments, application reviews, security-oriented design reviews, site and facility surveys, and configuration or source code reviews. Each of these assessment/reviews will provide you with a snapshot of your vulnerabilities and challenges, and show you ways to mitigate the risks. Consider the value of such knowledge about one of your company's products or installations, about a vendor's products or technologies that you're considering using inhouse, about an outsourcing vendor, or as part of due diligence for an investment, merger/acquisition or strategic alliance.

Security Implementation and Operations

We don't just make recommendations: we help implement them. Using either off-the-shelf or custom solutions we can help you install and configure applications, deploy security systems including firewalls, routers, VPNs, PKI and other authentication systems, as well as intrusion detection systems. Our operations support services include firewall and critical infrastructure management, incident response, system administration. If desired, we can even serve as acting-Chief Security Officer (CSO) while you conduct a search. Our experience in both client and vendor roles gives us valuable insight into negotiating with and selecting security product and services vendors, as well as relationship management. And our experience with computer fraud and abuse cases can help you efficiently respond to problems.