Infosec Introspect, Inc.
 
Services


Payments Systems Architecture

We perform a soup-to-nuts review of existing and planned payment systems, identifying weaknesses and improper exception handling for at-rest and in-transit payments data.

For one company, Larry architected a mechanism for securely transporting payment instruments across internal networks in a way that reduced operational overhead and reduced the cost of demonstrating compliance with PCI/DSS.


Enterprise Security Posture

We perform a high-level, soup-to-nuts review of security staffing levels, policies, incident response preparedness, application and network interfaces with partners and service providers, etc.


Compliance Audit Readiness

We assess our clients' readiness for technology compliance audits. There are compelling business reasons for engaging us in advance of major audit milestones. They include the earliest possible opportunities to:

   - identify areas likely to require mitigation
   - introduce temporary compensating controls
   - commence mitigation planning

Properly executed, this stands to supplement auditor confidence, promote their timely departure, and release precious resources back to the business.

For one company, Larry served as the business owner for driving and demonstrating compliance with PCI/DSS and Sarbanes-Oxley Section 404.


Outsourcing Securely

We help each client identify their own ideal balance between two competing business drivers: lowering cost and improving security. This is attainable only by skillfully deriving business-palatable security policies and the technological means to support them. Diligence of this nature verges on mandatory, given the outsourcing and compliance trends of recent years.

At one company, Larry advised an implementation that pragmatically constrained the duties and visibility horizon of more than a thousand offshore people.


Advisory Board Membership

Larry sits on the advisory boards of select technology companies. Having participated from all sides of the table -- senior management, engineer, consumer, service provider, reseller, integrator -- his expertise is widely sought. His advice spans the spectrum: interpreting compliance standards; anticipating customers' requirements; charting effective roadmaps; messaging to attract world-class customers; and so forth.

After founding one of the Internet's earliest Managed Security Services (MSS), Larry advised a publicly traded firewall company about requirements for a viable MSS. This resulted in the market's first truly scalable product line targeted at MSS providers. Larry currently sits on the advisory boards of SiteScout, Vantos, Packet Analytics, and Uriel Law.

 

Copyright © 2006-2009 Infosec Introspect, Inc.