Audit and Compliance | Moser Consulting

Moser knows IT security. Our seasoned security experts provide best-practices expertise to Federal and State entities, as well as companies engaged in healthcare, insurance, manufacturing and finance, in order to ensure their systems and data are secure.

Security breaches can be doubly devastating to any organization that experience them. In addition to regulatory costs that can quickly soar, the loss of customer confidence can have long lasting effects for any business that falls victim to one.

Almost half of all data breaches occur as a result of malicious or criminal attack from within or outside the organization. System glitches and human error account for the rest. Our security consultants have a keen understanding of all the risks an organization faces today and the expertise to eliminate them.

Moser can design, architect, and implement secure infrastructure and applications in every facet of IT. We have a proven track record of working with government entities at all levels, as well as private and public companies in industries including healthcare, finance, retail, and education.

Know Your Vulnerabilities

Knowing where your organization is vulnerable is a critical first step in securing your data. When you work with Moser, we’ll assign a Senior Security Technology Leader to work with you to identify all potential security risks in your organization's information systems.

We’ll start with a thorough review of your system architecture and infrastructure to evaluate your system's firewalls, threat mitigation devices, intrusion detection and prevention systems, network access control (NAC) devices, your systems for routing and switching, and all server deployments, including access control servers and virtual private networks (VPNs). Then, we perform additional assessments to find and shut down all avenues into your system that make you vulnerable to attack and resolve other problems that can lead to data loss:

Policy and procedure reviews and a gap analysis to determine any key elements missing from your current security policy and procedures to identify any that fall short.
Wireless assessments to identify risks associated with mobile access to data.
Web application assessment and penetration testing of your computer system, networks and web applications to find vulnerabilities that an attacker can exploit.
Host-based configuration reviews to identify security vulnerabilities in how your networks, servers, gateways and applications are configured or coded.
Social engineering and phishing assessments to determine how easy it is to gain access to your network through human interaction with employees.
Physical security assessment to ensure that only those with proper clearance have access to your servers and other critical system assets.

All the Expertise You Need in One Place

With a comprehensive evaluation of your vulnerability, there's no aspect of your security that Moser cannot resolve. When you hire Moser to secure your systems, you get a whole team of IT professionals who invest themselves in your business. Our Senior Security Technology Leaders are not only experts themselves, but they also have access to IT experts in all areas of technology under one roof. Our team will work together to design, architect, implement solutions that ensure the highest level of information security customized to meet the special needs of your organization.

In addition to having deep expertise in their field of IT security, our security consultants maintain key certifications including:

Certified Information Systems Security Professional (CISSP)
GIAC Certified Incident Handler (GCIH)
GIAC Information Security Professional (GISP)

We also provide state-of-the-art security technology with a process framework conceived from the latest penetration testing standards, assessment and auditing, including:

Penetration Testing Execution Standard (PTES)
Open Source Security Testing Methodology Manual (OSSTMM)
Open Web Application Security Project (OWASP) and OWASP Testing Guide
Many national Institute of Standards and Technology (NIST) releases including NIST 800-53r4, NIST 800-115 and ISO 27001 and 27002

moser success stories

HIPPA security assessment results spark system changes

Moser Consulting was retained by a national health organization to implement HIPAA protocols and enterprise network disaster recovery capabilities resulting from the organization’s first-ever ePHI security strategic assessment. The work was focused upon moving current-state information security, disaster recovery and business continuity protocols to meet the newly-developed HIPAA requirements. Moser led the DR system implementation effort, moving from the existing data center to a brand-new, state-of-the-art enterprise data center. Moser provided tactical and operational leadership for the development and deployment of the strategic policies, processes and practices for these new protocols. In less than 8 months, the CISO and Moser took the organization to an independently-audited 100% best-practice HIPAA compliance for all clinical care and financial management controls relating to the confidentiality, integrity, reliability, security, disaster recovery and business continuity of more than a petabyte of ePHI and PII data and information.