Global Security Consulting Success Stories from VeriSign, Inc.


Global Security Consulting Success Stories



Executive Summaries of Key Projects
Fortune 1000: A large financial software company found itself worrying about intellectual property and personal financial data.
Financial Institutions: A major financial transaction processor needed to be in compliance with the Gramm-Leach-Bliley Act, Visa Cardholder Information Security Program (CISP), and the Sarbanes-Oxley Act.
Telecommunications: A telecom company turned to us to serve as a full security partner.
Healthcare: A major healthcare insurance provider needed to assess its compliance with the Health Information Portability and Accountability Act (HIPAA).
Life Sciences: A major prescription drug developer needed to protect its clinical trials data and other intellectual property from disclosure.
Manufacturing: A U.S. computer chip manufacturer on the cutting edge of technology had significant concerns over its intellectual property.
Public Sector: A heavily regulated government agency needed to comply with a variety of standards and keep its own house in order.
Learn More: To talk to us about security and your business, call 650-426-5310 or submit your inquiry online.
See the Global Security Consulting Services Overview.
Read specific Success Stories: eFunds, Inc.

Fortune 1000 

Business Need 
A large financial software company found itself worrying about its intellectual property. It was also concerned about the large amount of personal financial data it stored as it moved from a standalone software provider to one that provides value-added Web-enabled services tied into its software. 

Key Challenges 

  • Protection of intellectual property
  • Regulatory compliance
  • Network security and availability

Solution 
We augmented the company’s staff to provide security guidance for key projects. We conducted a Visa CISP assessment and developed a security awareness program. We continue to conduct an annual enterprise security assessment.

Results 
Our annual assessment over the past three years has helped drive the evolution of the company’s overall information security program. We’ve also been there to manage key technology deployments and software upgrades, making sure that security is accounted for along the way. With the help of VeriSign, the company has made it through several key security compliance audits, including Visa CISP and the IT security controls portion of Sarbanes-Oxley.


Financial Institutions 

Business Need 
A major financial transaction processor needed to be in compliance with financial regulations - the Gramm-Leach-Bliley Act, Visa CISP, and Sarbanes-Oxley - and to secure transaction data both in storage and in transit. 

Key Challenges

  • Numerous regulations governing its operations
  • Implementing security in the software development lifecycle

Solution 
Over the past two years our team has delivered a set of consulting services that helped advance the company’s security program quickly, while addressing the various regulatory and industry requirements the company faced. Key services we provided: 

  • Visa CISP assessment
  • Interim Deputy CSO Services
  • Security architecture improvements
  • Policies and procedures development
  • Security awareness and training program development and implementation

We continue to support the company through more advanced security initiatives. 

Results 
Our key successes the first year included: 

  • Re-architecting the network in a more secure manner
  • Finalizing policies and procedures
  • Helping choose key technologies such as an incident detection system (IDS), and scanning, forensics, and event correlation technology
  • Implementing the security awareness program

In addition, we developed a business process whereby security was ingrained into the software development lifecycle (SDLC) so that when new applications (or new projects) were developed, there was a process by which the security team was consulted for risks.  

Year two has been spent on more advanced projects: 

  • Implementing and providing oversight over the SDLC
  • Managing the rollout of host-based intrusion detection
  • Leading efforts to provide better security at the company’s facilities in India

Overall, the company is performing better in audits and has better control over the security risks that are inherent in its business - both domestically and internationally.


Telecommunications

Business Need 
A mobile telecommunications company in the Middle East needed a security partner to assess and secure its new, state-of-the-art mobile infrastructure - including voice, data, and other value-added services.

Key Challenges 
The existing network was large, complex, and constructed without particular concern for security. As in most countries, near-100% availability was required.

Solution 
We served as the company’s security partner, providing a complete suite of consulting services.  In addition to assessment and vulnerability mitigation work, we developed policies, procedures, and standards.  We helped the client select and apply appropriate technical, procedural, and logical security measures. Finally, we developed plans for the monitoring and management of those measures.

In Phase 1, Security Assessment, we performed a full assessment that included:

  • Architecture and technology reviews
  • System hardening reviews
  • Network penetration testing
  • Technical vulnerability assessments
  • Business impact assessments
  • Enterprise security assessments

In Phase 2, Security Architecture, we worked with the company to build a comprehensive security architecture that included:

  • Information security policy
  • Information security standards
  • System hardening procedures
  • Network security architecture and design
  • Security department organization program
  • Security awareness program
  • Disaster recovery and business continuity plans
  • Security certification program design

In Phase 3, Security Application, we helped the company put the program into place:

  • Technology and product selection
  • Product implementation roadmap
  • Implementation guidance and support
  • Post implementation audit

In Phase 4, Security Management, we provided:

  • Security operations procedure documentation
  • Incident response plan
  • Managed services plan

Results 
We helped the company achieve its key security goals. We helped the IT staff learn to build security awareness into their work style, and also how to escalate and deal with serious security issues.

We performed a successful penetration test on the network.

We realigned security responsibility, setting up approval policies, standards, and procedures, and conducted a successful security awareness campaign. 

We deployed a complete security architecture that addressed all relevant devices from a monitoring, management, and procedural perspective. The network architecture was reconfigured to align with security best practices, and the devices on the network were secured to documented standards. We deployed security devices, such as firewalls and intrusion detection systems, and provided for their ongoing monitoring.


Healthcare

Business Need 
A major healthcare insurance provider needed to comply with the Health Information Portability and Accountability Act (HIPAA). 

Key Challenges 
The organization is large - with thousands of subscribers whose sensitive medical information is stored within key systems. 

Solution 
HIPAA Risk Assessment

Results 
Our role with the healthcare company over the past two years has not been as an auditor, but as a partner. We have worked with the company to help it improve its overall state of security, and note that such has been noticed year after year.

Read about our Enterprise Compliance Assessments.


Life Sciences 

Business Need 
A major prescription drug developer needed to protect its clinical trials data and other intellectual property from exposure. In addition, this company wrote its own applications in order to better manage the development process.

Key Challenges

  • Protecting key clinical data from compromise
  • Ensuring that the home-grown applications address security concerns
  • Maintaining compliance with 21 CFR Part 11 (which regulates all data transmitted to the FDA) 

Solution

  • SDLC security program development
  • Ongoing application tests
  • Developer training and awareness
  • Anti-virus and spam solutions development

Results 
We’ve worked with the company for over two years. We examine every application that’s developed in-house by the company for security weaknesses and exposures. We’ve also trained the developers on how to code in a way that addresses some of the key security issues. We’ve also performed an infrastructure review of the company’s anti-spam and anti-virus capabilities.   

Read about our Enterprise Security Assessments and Enterprise Compliance Assessments.


Manufacturing 

Business Need 
A Silicon Valley-based computer chip manufacturer on the cutting edge of technology had significant concerns over its intellectual property.

Key Challenges 
The development process includes partnering arrangements with many companies that participate in the development and manufacturing of new chips. Through this process the company’s intellectual property was shared extensively. In addition, the company was concerned about its own risk from internal and external attacks.

Solution

  • External and internal vulnerability assessment and penetration test
  • Wireless network assessment
  • Business process review of the security development lifecycle
  • Policy development
  • Sarbanes-Oxley IT controls assessment

Results 
We’ve worked with the company for over two years. We’ve helped them design and implement policies and procedures to help improve their network security from both internal and external perspectives. We also helped them re-engineer their development processes to better control what information is shared with business partners. 


Public Sector 

Business Need 
A heavily regulated government agency - that also coordinates regulation across its industry counterparts - needed to comply with a variety of standards and also keep its own house in order. 

Key Challenges

  • Securing the organization’s architecture design and management
  • Achieving compliance with a multitude of government regulations

Solution

  • Firewall redesign
  • 3-tier secure Web architecture design
  • Disaster recovery plan development
  • Secure DNS design
  • Incident response plan development
  • Enterprise authentication architecture development
  • Federal IT System Accreditation
  • System development lifecycle (SDLC) development
  • Enterprise directory services design
  • Homeland Security Presidential Directive-12 compliance

Results 
We’ve performed consulting services with the agency since 2002. We’ve seen the maturity of the program grow nicely. We’ve performed a variety of architecture development and compliance projects and continue to serve as the agency’s trusted security advisor. More importantly, the Inspector General audits key agencies every year for security compliance using a “Computer Security Scorecard” developed by the House of Representatives. This agency, with VeriSign’s assistance, has gone from a “C” to an “A” and is one of only four agencies that have a grade of B or above.

Read about our Public Sector Compliance Services.
