Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. Threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.


201 CMR 17.00 Mass Privacy Law

The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) released the “Standards for the Protection of Personal Information of Residents of the Commonwealth” (the “Regulation”) establishing standards for protecting Massachusetts residents’ personal information. This law sets forth guidelines establishing protection mechanisms such as encryption of documents, secure wireless data transmission, deployment of secure architectures and usage of security policies and procedures. The regulations also require businesses to complete internal and external security risk assessments.

Personal Information (PI) Description

This is defined as first name and last name and other information such as Social Security number, driver’s license number, financial account number or credit or debit card number.

Who should comply?

Businesses that own or license personal information about a resident of Massachusetts need to implement a security plan and process to protect PI. To be in compliance, a comprehensive information security program must be in place to protect data. A civil penalty of $5,000 may be imposed for each violation and more fines assessed for improper destruction of PI.


Kraa Security Solutions will help you comply with the standard to ensure that your business meets the requirements. Our process will help you do the following:

  • Conduct a risk assessment if the company has not already done so
  • Create a Written Information Security Policy to meet requirements
  • Perform a gap analysis or vulnerability analysis to understand your current environment
  • Determine weaknesses in your policies and processes
  • Make recommendations and develop a remediation plan for closing the gaps to meet the requirements
  • Assist you, if necessary, in deploying controls in the processes or technologies that need to be deployed
  • Develop any documentation or policies needed to support ongoing compliance requirements

For more information please contact us.