Information about RESCOR security, risk management, and technology support and services.

Services & Support

RESCOR provides a full range of security, technology, and risk management support and services.

Risk Management

RESCOR provides comprehensive risk management services based on STORM enterprise risk management (ERM) and the StrongCOR technology governance subscription program.

STORM allows you not just to meet, but to exceed, the following requirements of any regulatory Security Management Standard—with less effort on your part, and for the same or less money than you'd spend on another solution:

  • Risk assessment
  • Risk management

StrongCOR provides a full suite of support and services for your technology governance program, encouraging lightweight, agile decision making and processes.

  • Technology disaster recovery program (DRP) development & testing
  • Business impact assessment (BIA)
  • Business continuity program (BCP) development & testing
  • Training & security awareness
  • Process optimization

Security Testing

From vulnerability enumeration to in-depth penetration and application testing, RESCOR security testing services provide vulnerability management suited to your risk environment and budget.

The RESCOR Difference

  • Expert research (identifies 20-50% more critical vulnerabilities)
  • Consistent reporting across all types of tests
  • Service after the test (including post-remediation report updates)
  • STORM quantitative vulnerability measurement
  • Superior deliverables accessible to all audiences
  • Testing team with extensive programming experience

Vulnerability Scan

RESCOR conducts intelligence gathering (discovery) and an automated scan of systems in scope. RESCOR security experts use this information as the basis for comprehensive research and analysis to reduce nuisance findings and obvious false positives. Results are reported using STORM quantitative vulnerability measurement.

Penetration Test

RESCOR performs a vulnerability scan, and then uses a combination of automated tools and human expertise to attempt to gain unauthorized access to the scoped systems. A penetration test significantly reduces false positive findings. Because a penetration test has more permissive rules of engagement, RESCOR often identifies vulnerabilities that are not detected by a vulnerability scan. Results are reported using STORM quantitative vulnerability measurement.

Application Test

An application test provides assurance that your applications, and especially web-served applications, are secure. RESCOR uses automated tools and extensive programming expertise to analyze applications for security flaws. RESCOR looks for parameter and boundary checking errors, excessive privileges, SQL and HTML injection, cross-site scripting, and other problems in HTML, scripts, and other executable code. Results are reported using STORM quantitative vulnerability measurement.

Configuration Analysis

RESCOR analyzes the actual configuration of selected systems and networks as a trusted insider (a configuration analysis of your network design is sometimes referred to as a Network Architecture Review). The configuration analysis can be performed independently or as a complement to the other tests described on this page. Configuration analysis identifies problems that are not apparent from external testing, and is the only way to categorically disprove the existence of certain vulnerabilities. Results are reported using STORM quantitative vulnerability measurement.

Social Engineering

RESCOR uses phone, web, electronic mail, and on-site covert research and subversive access attempts (referred to as pretexting) to test the strength of your policies, staff training, and technical controls. Social engineering identifies failures in security awareness and information handling practices that may allow an attacker to obtain valuable information from unsuspecting or uninformed employees. Results are reported using STORM quantitative vulnerability measurement.

Security Awareness & Training

RESCOR Director of Professional Services and Product Development Andy Robinson has combined more than 20 years of security expertise and martial arts experience into The Martial Art of Information Security (TMA). TMA provides an extensive and flexible security, governance, risk management, and compliance (GRC) curriculum.

Information Security Situational Awareness & Self-Defense

TMA applies the principles of martial arts training (improvement through repetition and successive approximation) to develop security, governance, risk management, and compliance awareness and skills. This process results in increased understanding, safety, and soundness in a potentially hostile electronic world.

The TMA program is customized for your organization's unique security, governance, risk management, compliance, information technology, and business environment. This includes customization for your existing security program as well as your legal and regulatory environment.

Flexible & Applicable

Consistent with its martial arts foundation, the TMA curriculum is presented at multiple levels from the basic to the technically challenging, according to the current and desired skill levels of individuals taking the courses. Existing courses may be combined into targeted training programs that address your specific needs, and courses can be specifically designed for your needs.

Topics & Disciplines

TMA covers topics and disciplines including, but not limited to, the following:

  • Professional Certification Preparation (e.g., CISSP, HCISPP)
  • Security Awareness
  • Security Management
  • Technical Security Skills
  • Building Secure Information Systems
  • Assessing Security & Risk
  • Law, Ethics & Investigation

The Martial Art of Information Security (TMA) is a trademark of Andrew T. Robinson.

Security Architecture & Implementation

RESCOR designs and implements security solutions that meet your needs and budget.

The RESCOR Difference

  • Understanding of your industry & your organization's strategic needs
  • Unmatched technical expertise
  • RAPID enterprise security architecture process
    • Business-oriented
    • Shortest time to functional specification
    • Fastest & most cost-effective implementation
    • Guaranteed business acceptance
    • Deployment structured for minimal business disruption
    • Minimal bureaucratic overhead
  • Complete solution documentation
  • Support throughout the entire solution life cycle

RESCOR supports security projects including but not limited to:

  • Firewalls & perimeter security
  • Remote access & virtual private networks (VPNs)
  • Authentication & identity management
  • Role engineering for role based access control (RBAC)
  • Multi-factor & biometric authentication
  • Public key infrastructure (PKI)
  • Secure domain name services (DNS, DNSSEC)
  • Secure electronic mail (SMTPS, IMAPS, POPS)
  • Intrusion detection & prevention (IDS, IPS)
  • Secure network architecture (segmentation)
  • Endpoint security
  • Data loss prevention (DLP)
  • Operational & security intelligence
  • Security event & incident management (SEIM)
  • Web application security
  • Cloud services architecture & security
  • Virus & malicious software protection
  • Transit (data in motion) encryption (TLS, SSL, et al.)
  • In situ (data at rest) encryption (mobile, laptop, devices)
  • Encryption key management & escrow

Incident Response & Forensics

RESCOR offers services and support to implement security incident handling.

  • Incident response program design
  • Incident response support
  • Forensic analysis of compromised systems

RESCOR supports your incident response program in all four phases of incident response:

  1. Detection
  2. Response
  3. Recovery
  4. Analysis

The principles of incident response were documented by Andy Robinson in this 2002 article.

Compliance

RESCOR has extensive experience supporting compliance requirements.

  • HIPAA compliance (12+ years)
  • GLBA compliance (14+ years)
  • PCI DSS compliance (9+ years)
  • NERC CIP compliance (11+ years)

Information Technology Architecture & Implementation

RESCOR has extensive experience designing and implementing secure information technology solutions.

The RESCOR Difference

  • Support for all manufacturers and operating systems
  • Support for all network architectures and protocols
  • Expertise with IBM i-Series and z-Series platforms & applications

The RESCOR motto is "any platform, any network, any language, any time."

  • Computing Platforms
    • Android (mobile)
    • Apple OS X
    • Apple iOS (mobile)
    • IBM series i (AS/400)
    • IBM series z (z/OS, z/VM)
    • IBM series p (AIX)
    • Linux (all distributions)
    • Microsoft Windows
    • Oracle (Sun) Solaris

  • Networking Environments
    • TCP/IP version 4
    • TCP/IP version 6
    • Systems Network Architecture (SNA)
    • Network Job Entry (NJE)
    • All wide-area layer 2 protocols
    • All local-area layer 2 protocols

Cloud Services Integration & Deployment

Cloud services present unique security & governance challenges, ranging from extending your security perimeter to include third party resources, to the possible outsourcing by your cloud provider of all or some of your services.

RESCOR consultants have worked with serviced applications, infrastructure, storage, and other cloud capabilities since before the concept was invented, and can ensure your cloud services are properly and securely integrated into your technology environment.

Software Architecture & Engineering

If you have a web site or Internet portal, you have custom software that needs to be modified and maintained. RESCOR is one of the only security consulting companies with the skills to support your custom software needs from HTML, CSS, and JavaScript to complex applications.

The RESCOR motto is "any platform, any network, any language, any time."

The RESCOR Difference

  • Extensive software engineering experience
  • Rapid application development (RAD) process
  • Release & deployment management (version & change control)
  • Quality assurance program
  • Complete, high-quality documentation
  • Ongoing maintenance and support
  • Cross-platform development (any combination of platforms)
  • Multiple language development (any combination of languages)
  • Service oriented architecture (SOA) design
  • Expertise with midrange and mainframe systems
  • Systems programming (including assembly language for any platform)
  • Enterprise messaging architectures

Dynamic Web Content

Dynamic web content means custom software engineering. RESCOR will implement a formal software engineering process for your dynamic web development that ensures security and change control but provides the greatest possible freedom for developers. RESCOR supports all server models, databases, programming languages, and markup languages.

Cloud-Based Applications & Services

RESCOR has the expertise to help you develop and deploy cloud-based products and services, and to ensure those products and services will meet rigorous vendor due diligence, governance, and compliance requirements.

Legacy Application Support

How many times has the mainframe died since 1970? Yet many organizations still depend on their midrange and mainframe applications, and despite repeated efforts have not found solutions as robust and reliable on other technologies. RESCOR's extensive experience with midrange and mainframe environments and software development ensures that your legacy applications will remain robust and reliable over time.

Languages & Platforms

RESCOR software engineers average more than 20 years of software engineering experience, and follow a rigorous program of continuing education. With this level of expertise and continued learning, RESCOR can assimilate new platforms and programming languages at an expert level without any impact on project performance. RESCOR's experience ranges from mainframes to mobile devices, and from assembly language to modern fourth- and fifth-generation programming languages. Following is only a partial list of the programming languages, platforms, and environments supported by RESCOR:

Operating Systems & Platforms
  • Android
  • iOS (iPhone, iPad)
  • Linux
  • Windows
  • z/VM (z-Series)
  • z/OS (z-Series)
  • i/OS (i-Series)
  • Oracle (Sun) Solaris
  • OpenBSD
  • HP-UX
  • AIX
  • SCO UnixWare & OpenServer
  • MacOS & OS X
  • eCommerceServer (formerly OS/2)

Programming Languages & Platforms
  • Java
  • J2EE (JSP, Servlets, EJB)
  • .Net (ASP, Visual Basic, C#, VC++)
  • Perl
  • C and C++
  • PHP
  • Markup languages (HTML, WML, XML, etc.)
  • JavaScript (ECMAScript)
  • CSS
  • Rexx
  • FORTRAN
  • COBOL
  • RPG
  • Assembler (all supported platforms)

Database Platforms
  • Oracle
  • Microsoft SQL Server
  • IBM Universal Database (DB/2, Informix)
  • MySQL
  • PostgreSQL
  • Ingres
  • Access

Mobile & Web Services Architecture & Engineering

Mobile and web-based services are simultaneously the fastest growing method for accessing critical infrastructure, and a growing source of risk. RESCOR combines experience with web and mobile services, security expertise, software engineering expertise, and experience with critical infrastructure organizations to ensure that your web and mobile device strategies are implemented securely, and provide the best possible experience for your personnel and customers.

  • Windows, Android, and Apple Mobile Platforms
  • HTML, CSS, JavaScript (ECMAScript), and AJAX
  • Server-side programming (Perl, PHP)
  • Mobile device management strategies
    • Bring your own device (BYOD)
    • Company owned, personally enabled (COPE)
    • Not personally enabled (NOPE)
  • Mobile device management software deployment
  • Mobile electronic mail & messaging integration
  • Remote access and virtual private networking (VPN)
  • Strong authentication
  • Access monitoring & alerting
  • Service portal web & mobile integration & enablement

Simplified Total Risk Management, STORM & StrongCOR are trademarks of RESCOR; RAPID & RSK are trademarks of Andrew T. Robinson.