|GreyHat Information Security Consulting Inc. Company Services|
|Database Security Assessments||Oracle, SQL Server, Sybase|
|IT Security Consulting||Provide guidance to senior managers, business owners, and technical staff on appropriate and cost-effective security controls for information security and IT security.|
|IT Security Policy and Governance Framework||Development of Policy Framework and Policies, Procedures, and Standards.|
|Privacy Impact Assessments||Ensure that privacy implications for a new or modified program or activity are integrated into the privacy risk management of the organization.
Identify and categorize the sensitivity of personal information to unauthorized or inadvertent disclosure, modification or corruption, or destruction.
Assess the adequacy of security controls for the protection of personal information for administrative, operational, and technical issues.
Determine if there are any adverse impacts or risks to individuals or the organization, and
Make recommendations to reduce risks to privacy.|
|Privacy Risk Management Framework||Align data use and data matching processes complies with relevant privacy legislation, regulations, and policies
Assist business managers in presenting PIAs to management oversight committees and the Office of the Privacy Commissioner
Propose strategies for mitigating the identified risks relating to organizations, processes, applications, and systems|
|Privacy Risk Management Plan||Develop an Action Plan to mitigate or accept risks to privacy and sensitive personal information, and ensure compliance with the established privacy principles, Government directives, and federal legislation.|
|Threat & Risk Assessments||Performed over seventy five TRAs following the HTRA methodology for more than sixty departments and agencies of the Government of Canada, the Government of Ontario, and large private sector organizations including Carleton University.
An assessment of threats and risks to government programs and services is fundamental to risk management and the need to determine the adequacy of security safeguards to protect valuable information and assets. A Threat and Risk Assessment (TRA) is a means to provide senior management of an organization with the necessary information to make decisions on risk. Risk is derived from the value of information and assets, or sensitivity to compromise, the likelihood of a threat event and the gravity or impact if it occurs, the probability of compromise and the severity of outcome due to the vulnerabilities, and the potential adverse impact. Risk is defined as a situation in which a threat is able to take advantage of a vulnerability to compromise sensitive information and valuable assets. Program managers are obliged to follow the principles of risk management to minimize the potential risks to programs and services.
TRAs include enterprise TRA, network TRA, SharePoint 2010, Lync Server 2010, National Forest Information System, Knowledge Network, Avaya WLAN, Education Information System, GCDOCS, Oracle 10G, Lotus Domino 6.5, IBM WebSphere 6.1, IBM Maximo, SIMSI, National Import Service Centre, STG WebCIMS, Livelink Server, Public Accounts Production System, Citrix Presentation Server, and Microsoft dot NET application development.|
|Vulnerability Assessments||Conduct a comprehensive vulnerability assessment of the organization's IT infrastructure, network, servers, applications, desktops, and databases.
Develop an Action Plan to make recommendations to improve ineffective or inadequate security controls.
Test the security perimeter from the Internet and ensure the appropriate security measures are in place.|
|Web Application Security Assessments||Performed more than twenty assessments of web applications and the related infrastructure on behalf of clients in the Government of Canada.|