Website Security Audit

Website security problems are more significant now that most applications have a web interface. Many companies test only for functional requirements in application testing. Our Website Security Assessment is designed to meet best practices for application security. All industry regulations, such as the PCI audit requirements for websites and HIPAA Security, require this type of security. An assessment looks at the source code, the infrastructure, the operating systems and the application functionality.


HIPAA Security

The HIPAA Security Rule introduces a variety of organizational and procedural changes that address the confidentiality, availability, integrity and overall security of Electronic Patient Health Information (ePHI) within the healthcare and medical services industry. A complete assessment as required under the HIPAA Security Rule specifications includes on-site interviews with personnel, system analysis, policy and procedure review and remediation suggestions.


Social Media Security

The first step in developing the Secure Social Media (SSM) framework is to put a process in place that can be tracked, measured and monitored over time. A framework for security must anticipate future social media developments and how they will impact security. The SSM framework analyzes the security environment and puts it into the context of an overall security strategy for the entire corporation, including such departments as Information Technology, Human Resources, Marketing and Legal.


Vulnerability Assessments

Technology is frequently misconfigured or mismanaged, which in turn introduces points of weakness into the organization. Every device connected to the network has the potential to allow an attacker in. Vulnerability assessments can be run against many different types of systems: network-based, host-based or application-based. They are necessary to identify vulnerabilities, and also to show changes in the environment over time as the organization grows and changes.

Risk Assessment and Compliance Audits

KRAA Security provides a comprehensive suite of Security Consulting and Products that are practical, efficient and cost effective. Our information security consultants and network security specialists conduct corporate security services and IT security risk management. Download our Service Overview sheet. We have a combination of preventative security services.

Social Media Security

Our Social Media Security Services provide a comprehensive assessment of the risks posed to your company by social networks. Social media security addresses the key areas of:

Latest Stories

Hackers give up when they go up against this cybersecurity company

It’s not every day that a company can compel hackers to give up. Yet that’s exactly what CrowdStrike managed to do earlier this year.

CEO and co-founder George Kurtz tells it like this: A besieged customer needed backup. So Kurtz’s team sent in reinforcements, placed its cloud-based software sensors across the breached business’s computing environment, and started gathering intel. Aha! Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled.


Recent Blog Post

Do Hospitals Need to Promote Privacy By Limiting The Use of Social Media?

Social media has taken the world by storm, but there are many instances when it has been used inappropriately to abuse privacy. Hospitals, especially, are in danger of this – the privacy levels required in a hospital are high and social media breaks down all barriers of privacy. Social websites like Facebook and Twitter, video websites like YouTube and even blogs have made it easy to pass on information, and since there is no one policing the information, boundaries are crossed easily. The HIPAA Security Rule can be easily broken. Social media security has become very important. Information Security policies are required for HIPAA risk requirements.

Imagine a situation where someone is ill and has to stay in the hospital for a few days. Or where someone is diagnosed with something that people treat as particularly embarrassing, or that holds the threat of death. All it takes is for one person to post a message or a picture taken in the hospital of the patient, and in minutes, the whole world will be able to access the information. If malicious things are said about this patient and they get to hear about it, it might harm their health further. A HIPAA security assessment would be required after such a data breach.


Recent Blog Post

Are you protecting your WordPress website from attacks?

With the popularity of WordPress, and the support it gets from the development team, it's easy to think that your installation of WordPress is secure. Since you didn't code it from scratch, you might assume that it is hardened and you don't have to do any further tinkering with security. Well, you may just want to put some effort into locking down your WordPress installation. As with any website, you need an IT Security Policy, walk through an IT Security Checklist, and conduct consistent IT Security Audits.

There are several methods that are generally used in an attack on a website. First you have misconfigurations. This can mean everything from leaving the 'wp-config' file readable to the world, to allowing any kind of file to be uploaded in a form, to weak password security. The second type of access is usually gained through bad coding techniques. If you add a plugin or write your own code to add to the WordPress installation, this can possibly allow an attacker to take advantage of bad code to break into your site. And lastly, you can lump other attacks into infrastructure attacks. Maybe you don't have a firewall or an intrusion prevention service running to stop attacks. Or you are hosting your website on a shared service like GoDaddy or HostGator and someone else's website is vulnerable, leading to a compromise of the whole hosted server.

For now, let's address some easy things you can do to reduce configuration weaknesses that could lead to a hacked website.

1) Password – no matter how many times you say it, people still use weak passwords that can be guessed or broken with brute force attacks. There are several free and paid login protection plugins you can use.

2) File Permissions – this is a bit trickier if you do not know how file permissions work. You can get an easy primer from the WordPress help file, http://codex.wordpress.org/Hardening_WordPress. It also provides a lot of detail for the more technically savvy.

3) Monitoring – you should know what is going on with access attempts or changes in the files and configuration of your WordPress site. There are a number of tools you can search for to monitor and log activity. It's especially important to monitor for healthcare IT security.

4) Security Testing – even if you have installed security plugins and have configured your website correctly, you should still periodically test the security for vulnerabilities. You can pay third-party companies to do penetration testing or you can try some of the plugins on your own. Testing is important to risk management and assessment.

There are lots of different tools you can use to secure your site. The first step is to know that it will not stay secure without you actively implementing security measures.
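As an added example (not part of the original post), here is a small POSIX shell audit for the configuration weaknesses described above: a world-readable wp-config file, loose file permissions, and unexpected PHP in the uploads folder. The function names, finding labels and the policy itself are assumptions made for illustration, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed policy: wp-config.php
# must not be readable by "other", nothing may be world-writable, and PHP
# files under wp-content/uploads deserve a manual review.

wp_perm_audit() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    findings=$(
        # wp-config.php holds the database credentials and secret keys.
        find "$root" -type f -name wp-config.php -perm -004 -print |
            sed 's/^/WORLD-READABLE-CONFIG /'
        # World-writable paths let any local account change site content.
        find "$root" \( -type f -o -type d \) -perm -002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # Uploaded media should not normally include PHP scripts.
        find "$root" -type f -path '*/wp-content/uploads/*' -name '*.php' -print |
            sed 's/^/PHP-IN-UPLOADS /'
    )
    if [ -z "$findings" ]; then
        return 0            # clean tree
    fi
    printf '%s\n' "$findings"
    return 1                # at least one finding
}

# Build a small constructed tree containing one of each problem (dry run).
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads/2024" "$d/wp-includes"
    : > "$d/wp-config.php"
    : > "$d/wp-includes/version.php"
    : > "$d/wp-content/uploads/2024/a.php"
    chmod 644 "$d/wp-config.php" "$d/wp-includes/version.php" \
        "$d/wp-content/uploads/2024/a.php"
    chmod 755 "$d/wp-includes" "$d/wp-content" "$d/wp-content/uploads"
    chmod 777 "$d/wp-content/uploads/2024"
    echo "$d"
}

# Usage: sh wp_perm_audit.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

Run on a schedule, the non-zero exit status and the finding lines give the monitoring step something concrete to alert on when permissions drift.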

Got HIPAA Security?


Helpful Security Videos

Bulletproof Wordpress Plugin

Wireless Access Point Security

Facebook Privacy Setting

Online Security Training