We can perform a comprehensive security design review of your system and/or design part of the system.
- Identify all sensitive data/resources.
- Draw a threat model of your system.
- Evaluate security procedures at trust boundaries.
- Rank each vulnerability based on likelihood and severity.
- Design a plan for threat mitigation, vulnerability resolution, and incident response.
Are you handling medical data, passwords, personally identifiable information or credit card data? The security review will tell you exactly what you need to do to comply with HIPAA, FIPS 140-2, PCI DSS, etc.
Do you need a custom authentication protocol, linkable encrypted fields within your database, or any other custom cryptography? The first rule of cryptography is do not invent your own cryptography. The second, less well-known rule is do not implement your own cryptography. There is a lot of misleading information, and even published books about applied cryptography, algorithms, protocols, and source code have errors. This part of your code is worth outsourcing.
Questions come up during development. Set up a retainer to have a professional cryptographer on-call to advise your team through any security issue.
- Is my email provider HIPAA compliant?
- How can I share/transfer files securely?
- How do I destroy data?
- Should I use a hash or MAC?