Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches: the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.


HIPAA Privacy Audit

HIPAA’s Privacy provisions became effective 04/14/2003 and 04/14/2004 for Large Plans and Small Plans respectively. For these purposes, the same definitions as those used by the SBA apply. The Privacy provisions, when integrated with HIPAA’s Security provisions, require operational, document and educational performance. Adherence to Best Practice generally minimizes the possible considerable personal exposure of clients’ employees.


KRAA Security provides HIPAA specialists, experienced former Privacy Officers who are process and compliance professionals, to perform the best in third-party assessments. We work with each client to improve compliance on an ongoing basis, accompanied by annual maintenance assessments.

Our HIPAA Privacy assessment includes but is not limited to:

  • Benefit plan compliance
  • HR compliance relative to Protected Information
  • Compliant Business Associates Agreements content and application
  • Compliant Chain of Trust Agreements, when required
  • Compliant Policy and Procedures
  • Compliant physical environment
  • Insurance coverage assessment
  • Protected Information-related process improvement
  • Learning system – five levels of involvement with Protected Information

How the Process Works

KRAA Security specialists initiate the assessment process by reviewing each client’s responses to an Audit Target questionnaire and associated attachments. This is followed by on-site audits by KRAA Security staff at each agreed-upon business location. From these initial data sets, a Compliance Baseline is documented. A Gap Analysis, which delineates the differences between the Baseline and Best Practice, is presented. This is followed by a Risk Assessment, commonly known as a risk vs. reward analysis. We work with clients to meet or exceed Best Practice requirements on all agreed-upon Audit Targets.