Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.


Newsletter – Veterans Day Security – Nov 2011 – 1-888-572-2911



As we head into the Veterans Day weekend and salute and remember those men and women in uniform who have served their country and protected our national security, we wanted to take some time out to highlight some stories on the home front of information security.


For the latest in information security call 888-572-2911 or email for a complimentary consultation.

Bank Transfer: What About Security

Risk Is Top Concern as Accounts Move to Community Institutions

Between Occupy Wall Street and the so-called Bank transfer movement, consumer outrage with big banks is fueling new account growth at community banks and credit unions. But how well prepared are the smaller institutions to handle increased security risks and fraud-prevention demands that come with such quick growth? Cary Whaley of the Independent Community Bankers Association says regular face-to-face interaction with customers and members often makes security at smaller institutions something of a given. But institutions should not underestimate the vulnerabilities these new account openings can expose. “If you don’t have thorough procedures, there is a greater chance you are going to get a riskier customer,” Whaley says. “You’ve got to be sure you’re covering all the bases.”

KRAA Security has helped credit unions and community institutions assess and evaluate their security posture to help provide the best in information security practices.

New HIPAA Enforcer Pinpoints Priorities

Promoting Compliance Is Goal

Aggressive HIPAA enforcement, as well as compliance education, are top priorities for Leon Rodriguez, the new director of the Department of Health and Human Services’ Office for Civil Rights. “As I’ve learned as a prosecutor and then as a defense lawyer, enforcement promotes compliance,” Rodriguez says in an interview with HealthcareInfoSecurity’s Howard Anderson. “The fact that covered entities out there know that they are at risk for penalties is something that, in fact, in many cases will promote compliance.” Nevertheless, Rodriguez stresses the need for also using education to help boost compliance. “It’s going to be important for us to make sure that we do everything we can to assist those covered entities that want to understand what the rules are. … So we’re also going to be focused on outreach and education no less than on enforcement.”


KRAA Security’s HIPAA Assessment can help you assess your HIPAA compliance, along with providing training to your employees using our Online Training Portal.

California Transparency in Supply Chains Act – SB 657

This is not a new story; however, the deadline for compliance is rapidly approaching, as disclosure is due by January 1, 2012.

When you think of human trafficking, you may imagine smugglers in faraway places involved in some kind of slave trade. You may not think of the U.S. and everyday occupations such as farm or factory work. However, according to Congressional Research Services, “[a]s many as 17,500 people are believed to be trafficked to the United States each year.” In 2010, several non-governmental organizations in California drew up the California Transparency in Supply Chains Act, known as SB 657 – the first act of its kind in the U.S. to link business to the issue of human trafficking. According to the act, retail sellers and manufacturers with annual worldwide gross receipts over $100 million doing business in the state of California must publicly disclose their efforts to eradicate slavery and human trafficking from their direct supply chain by the end of 2011.

KRAA Security’s sister company Razient is a Supply Chain Risk Management solution that is delivered as Software as a Service (cloud). If SB 657 applies to your company, we have developed and automated a Compliance Survey process to gather all of the required information from your direct suppliers so that you can identify what activities listed in SB 657 you currently undertake and to what extent you do them. Once you have the required information, you can then determine how you want to approach public disclosure. Our SB 657 Compliance Survey is just one of many features in the Compliance Assessment portion of our Razient portal!

For more information on any of our products or services please contact us at or

Special Offers

Website Security Scanning – $99 a month!



Enhance your website security with regular proactive scanning of your Internet-facing websites to help ensure your websites are up to date with the latest security patches.


Ends 12/31/2011


call 888-572-2911 or email


Complimentary Social Media Policy Review!



KRAA Security will provide a complimentary analysis and review of your current social media policies. We can rapidly analyze any best practice gaps that should be addressed and make suggestions for improvement.


Ends 12/31/2011


call 888-572-2911 or email

What’s New

Razient – the newest solution in Supply Chain Risk Management and Risk Assessments!


  • Analyze potential for supply chain disruptions from suppliers by correlating potential supply chain threats
  • Identify regulatory and industry best practice risks
  • Manage supplier compliance risk
  • Help avoid potential costly disaster recovery situations
  • Real time incident mapping





KRAA Security now provides a cost-effective eDiscovery and Forensics service: end-to-end, reliable electronic evidence analysis, combining Data Collection, Processing, Analysis, Reporting and Testimony, for individuals, businesses, legal, and state and local governments.
