Assessment Services

Ravdal’s information security professionals assist customers with understanding the effectiveness of preventive, detective and corrective security controls by testing and analyzing networks, applications, and embedded devices. Evaluating the state, quality, and capability compared with industry best practices serves as a baseline from which the client can prioritize efforts, measure progress against goals and set maturity objectives.

Penetration Testing

Penetration Testing uncovers critical issues and identifies how well your network and information assets are protected. It is usually accompanied by a vulnerability assessment sampling of representative segments of the network, systems such as servers, and infrastructure components. Combined with a comprehensive security assessment, penetration testing helps organizations reduce the risk of a data breach and become more proactive with threat management.

“Red Team” Penetration Testing

The “Red Team” Penetration Testing service approaches the testing as if the organization is being attacked and the objectives are to breach the perimeter, systems and security controls to gain access to confidential data. This approach focuses on key critical assets, exposes potential vectors for access to the organization (publicly accessible information), and offers insight into how well security safeguards are operating. Unconventional methods of attack are used, revealing potential blindside weaknesses, and this approach also provides insight into security control effectiveness.

Application Penetration Testing

Application Penetration Testing is focused on identifying the methods that the most common attacks follow to break into web applications, take control of systems or steal data (e.g. payment cards, personal information). The objective of the assessment is to identify weaknesses in coding, security model and controls within a specific and potentially targeted system that an attacker could use to breach systems and security controls in order to gain access to confidential data. For select systems discovered, weaknesses will be evaluated to determine how they could be exploited and the potential impact to the organization of unauthorized access to data or IT resources.

Social Engineering

Social Engineering is a non-technical intrusion that tricks unsuspecting employees into breaking normal security procedures and giving network access to attackers. Exploiting user applications and social engineering techniques, we will attempt to gain credentials from employees. Examples of applications we may target include Dropbox, webmail and cloud applications that are not managed by staff. Additionally, we may employ one or several of the following social engineering attacks: “tailgating” into offices and accessing the network or computers, a spear phishing (targeted phishing) campaign, USB thumb drive enticement with “phone-home” malware, phone calls from the “IT Service Desk” asking for credentials, and a wireless man-in-the-middle attack.

Regulatory Compliance Services

Led by industry experts, Ravdal provides compliance assessment services for a number of industry regulatory compliance requirements, including the Federal Financial Institutions Examination Council (FFIEC), the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules (including HITECH/Omnibus mandates) and the Payment Card Industry Data Security Standard (PCI DSS). We help organizations understand, measure, and plan remediation for a wide range of compliance requirements.

Ravdal can streamline assessment activities across multiple regulatory areas in order to save time and money. We assist organizations in prioritizing control implementation through identification of common controls across multiple compliance areas.

Financial Services

Ravdal offers a comprehensive suite of security solutions for financial services organizations desiring to protect their infrastructure, networks, data and users against continuously evolving threats, while ensuring compliance with regulations and requirements including GLBA/FFIEC, NCUA, SOX, and the FTC Red Flags Rule.

Healthcare

Ravdal performs assessments to evaluate an organization’s compliance with the HIPAA Security and Privacy Rule requirements, HITECH Act provisions (i.e. breach notification), as well as the organization’s overall security and data privacy posture.

Payments

Ravdal assists organizations in meeting compliance mandates and preparing for formal PCI QSA assessments while concurrently building a practical technical and policy approach to mitigating cyber risk.

Remediation Services

Ravdal can assist with planning, prioritizing and managing process and infrastructure upgrades to achieve compliance with industry regulatory standards or best practices. As part of our assessment services, we help identify and prioritize specific cyber security risks. Then, we provide a clear roadmap for cost-effective remediation and/or further analysis. Ravdal can then assist by designing security solution architecture, developing policies and business processes, training staff, and/or managing remediation implementation.

Strategy and Planning

We help your organization and leadership identify and focus on the key strategic elements of your information security program that support the company’s business needs. Having a clear idea of where you need to be will allow you to create a road map to mature and develop your core competencies and utilize the processes and programs the organization is already benefiting from. It will ensure that initiatives and investments are made in the optimal areas, thereby helping the organization move forward with greater momentum and a clearer direction.

Technology / Architecture Design and Consultation

Our people have addressed technology needs across all sizes of organizations and with all levels of complexity. We help you tap into capacity and capabilities that were bogged down with less strategic tasks and activities.

Ravdal can assist with network and security control architecture, solution design and deployment of security solutions across multiple systems, applications, hosts, and devices. We can develop an information classification and access control plan, help you understand security infrastructure design principles and the tradeoffs between usability and liability, and work with your staff to deploy and configure intrusion detection systems, VPNs, data encryption and firewalls.

Governance, Risk and Compliance

We work with organizations to define and build security operations, risk management and compliance programs around an ITIL-based IT Service Management (ITSM) program or within other frameworks (COBIT, ISO 27001, etc.). We assist your organization with the process of implementing industry best practices. The goal is to improve the ability to manage and deliver services, to standardize operations, and to implement and improve core processes such as Incident Management, Monitoring and Availability Management.

Policies and Procedures Development

Security policies and procedures are the cornerstone of an organization’s information security program. Ravdal provides a practical approach to prepare policies that meet the major regulatory requirements and address multiple compliance standards. Ravdal works closely with an organization’s management to elicit opinions on information security and document formal and informal procedures currently in place.

Security Awareness Training

Security awareness training is designed to meet the needs of different types of users within the company including high risk personnel (finance, accounting, senior leadership), field personnel and the generalist user type. The primary objective is to improve employee awareness of cyber threats and risks. Material is developed to focus on the most important threats targeted against employees (phishing, weak passwords, etc.). Insights from social engineering testing are also used to improve the training materials.

Security Management and Staff Augmentation

One of the biggest challenges that organizations face today is recruiting and retaining information security resources and expertise. Ravdal can assist by providing experienced, certified security practitioners and engineers.

Virtual CISO

The Virtual Chief Information Security Officer (CISO) or CISO on Demand is a service designed for organizations that have a need for a comprehensive information security program but do not have the resources for a full-time CISO or security team. Even when a full-time position can be justified, it is difficult to find an individual who has all of the necessary information security, IT risk management and compliance skills your organization may need. Ravdal provides a team of experts that delivers the skills and experience your security program needs to be successful. This is a customized service based on an organization’s information security needs and can range in duration from a consultancy of a few hours per month to an interim full-time CISO. Further, we can scale the service according to changing information security requirements and with knowledge transfer over time.

Security Analyst or Product Expert

This service is designed to provide security analysts and subject matter experts to staff or backfill resource needs around security technologies such as firewalls or SIEM solutions as well as other technology (IDS/IPS, vulnerability scanner, etc.).

Staff Augmentation

Ravdal provides IT security staff augmentation services that assist clients in executing large-scale security technology initiatives. We have proven experience in cost-effectively delivering qualified and reliable IT security professionals.

“To Improve Life Through Cyber Security”

What is a Cyber Security firm that does not attempt to make the world a better place? Ravdal, Inc. was founded to provide the best Information Security services to the right organizations and where they need it the most. It sprang from a growing frustration with the often mediocre services provided by IT services and business consulting firms. Rather than compromise and be a Jack-of-all-trades, we decided to dedicate ourselves to a single practice area and to offer best-in-class service.

Founded in 2010, this Colorado company has been successfully delivering customized IT security solutions to commercial, government and non-profit organizations. Ravdal provides these high-value information security services in specific vertical markets where the firm has a solid reputation, known expertise, and a substantial portfolio of referenceable projects because of superior customer service, high value/competitive price and solid reputation.

Financial Services

Ravdal offers a comprehensive suite of security solutions for financial services organizations desiring to protect their infrastructure, networks, data and users against continuously evolving threats, while ensuring compliance with regulations and requirements including GLBA/FFIEC, NCUA, SOX, and the FTC Red Flags Rule.

Healthcare

Healthcare record systems are very attractive targets for cyber criminals because of the richness of the information they contain. Personally identifiable information (PII), personal health information (PHI), and Medicare and Medicaid IDs are readily used to submit fraudulent tax claims, obtain free healthcare services, and open credit cards and bank accounts. Ravdal performs assessments to evaluate an organization’s compliance with the HIPAA Security and Privacy Rule requirements, HITECH Act provisions (i.e. breach notification), as well as the organization’s overall security and data privacy posture.

Payments (Retail, Restaurants, Service Providers)

Threats to credit and debit card data come from many directions, and new technologies such as chip cards, tokenization, and point-to-point encryption often outpace payment card industry (PCI) compliance mandates. Ravdal assists organizations in meeting compliance mandates and preparing for formal PCI QSA assessments while concurrently building a practical technical and policy approach to mitigating cyber risk.

Industry (Manufacturing, Petrochemical, Pharmaceutical)

Industrial and manufacturing organizations have substantial capital investments in plants and equipment, critical process control systems and logistics. Disruptions and stolen intellectual property (IP) can have measurable financial impact on the business. Ravdal assists industry in protecting infrastructure, avoiding downtime from security incidents, safeguarding IP, and complying with regulatory requirements.

Government

Increased scrutiny and the exposure of data breaches by many agencies have made IT security policies a top priority for government and public sector organizations. Further, regulatory and industry requirements facing government agencies, notably FISMA and PCI DSS, require organizations to have a thorough understanding of their risks and be equipped to implement policies and technology to rectify any deficiencies. Ravdal has extensive experience assisting government agencies in navigating increasingly complex governance and compliance regulations.

HQ

Longmont, CO

Mail

PO Box 21582

Phone

(720) 470-2271

Fax

(866) 649-3889