Cybersecurity Consulting Services

Protect Your Information Technology Assets With iQSecure©

iQuasar’s iQSecure© process is designed to protect a business by analyzing its information and network architecture and through management of users, access, data, regulatory compliance, and recovery processes. This information is compared against our security reference framework, which enables us to identify the gaps. Subsequently, we customize our solutions to the client’s unique needs and establish a set of projects to fill those gaps.

Executives, Business Owners, IT heads of Financial Institutes, and Government Departments look to engage iQuasar when:

  • Interested in understanding the cybersecurity threats facing their organization
  • Wanting to create a security strategy, architecture, and a practical implementation plan to protect sensitive information assets of their organization
  • Desiring experienced consultants who have been “around the block” and know how to navigate complex work environments
  • Interested in exploring opportunities to reduce costs through blended cost models

Cyber-Secure Practice Areas

We engage with our clients in either a project-deliverables model or a resource-based model, depending on the needs and preferences of the client. Our services include the following areas of expertise:

  • Cloud Security
  • Identity and Access Management
    • Access Governance and Certification
    • Role Based Access Control and Privileged Access Management
    • User onboarding, authentication, entitlements management
    • Authentication, Authorization, Federation, and Single Sign-on
  • Regulatory Compliance
    • NIST, HIPAA, FERPA, FFIEC, Gramm-Leach-Bliley Act, etc.
  • Enterprise Security
    • Security strategy and governance
    • Security assessment, gaps, and roadmap
  • Data Protection, both on premise and in the cloud

Customer Engagement Process

iQuasar’s certified security team uses the iQSecure© service delivery model to protect the confidentiality, integrity, and availability of client data and technology infrastructure:

  • Gather information and requirements from client stakeholders
  • Analyze information for threats and vulnerabilities, and review areas of concern with project owners
  • Scope projects based on a security strategy and plan in phases
  • Deliver projects end to end either with a complete on-site team or a blended on-site and off-site resource model as an option to lower delivery costs
  • Staff client projects with experienced security team members
  • Utilize industry standards based frameworks
  • Adjust to client processes and deliver on customers’ needs with efficiency and flexibility

Project Examples

iQuasar principals performed a multi-factor authentication (MFA) assessment for a financial client. The project identified gaps in MFA, developed an MFA solution for all lines of business across the bank, and prepared the bank to meet New York State DFS Financial Cyber regulations – 23 NYCRR 500:

  • Assessed MFA business process and technology
  • Designed MFA enterprise solution that will meet the bank’s requirements for internal high risk users, regular users, and bank’s customers
  • Identified current gaps in the following areas:
    • Business process
    • Technology landscape
    • Technology ownerships
    • Risk levels
  • Delivered design document for technology solutions for MFA and leading industry practices
  • Defined future state for MFA for high risk users, regular users, and customers
  • Created a roadmap identifying short term tactical solutions and long term solutions
  • Delivered specific activities, deliverables, priority and timelines to get to the future state

We performed an Identity and Access Governance (IAG) assessment for a financial client. The project included identifying risks, gaps, and opportunities in business process and technology for the client:

  • Performed assessment for Access Governance business process and technology
  • Identified current risks, issues, and gaps in the following areas:
    • User request and approval process
    • Provisioning and de-provisioning
    • Access Certification process
    • Implementation design and technology analysis
    • Compliance reporting
  • Delivered Design document for Access Governance using leading industry practices
  • Delivered maturity model for access governance process based on NIST framework
  • Defined future state for Identity and Access Governance and created a roadmap
  • Delivered an enterprise strategy (Journey mapping) to achieve optimization level for IAG
  • Delivered specific activities, deliverables, priority and timelines to get to the future state
  • Identified gaps and risks in business process and technology
    • User request, Provisioning, Access Certification
    • Implementation design and regulatory compliance
  • Developed maturity model for access governance based on NIST standard

Delivered an end-to-end security architecture and design solution for a mobile application for a healthcare client. The application is used by the client’s customers to manage their health care plans on a mobile platform:

  • Delivered mobile security architecture reference model for the application team to develop
  • Identified controls based on leading practices to manage risk on the mobile platform  
  • Created authentication and authorization design, and application integration with client’s infrastructure
  • Performed HIPAA assessment for the application with mitigating strategies for:
    • Administrative controls
    • Technical controls
  • Designed code review and penetration testing model for the client
  • Tested application for security controls using NIST and leading industry practices
  • Integrated mobile authentication into Client’s Single-Sign-On and onboarding technology platform
  • Drafted design documents, testing documents, and production integration documents for the “go live” milestone
  • Created security architecture reference model for app development
  • Designed authentication and authorization
  • Performed HIPAA assessment for administrative and technical controls

Developed Cloud Security strategy and architecture for the client in preparation for cloud migration:

  • Reviewed current cloud architecture and delivered cloud security architecture reference model based on industry leading practices and frameworks:
    • NIST 2013, 2014
    • SANS 2016
    • Cloud Security Alliance (CSA)
  • Identified risks of moving to cloud and identified gaps in current security architecture including risks associated with data, business processes, authentication, access governance, and regulatory controls
  • Delivered cloud security strategy document and a 12-48 months roadmap
  • Recommended Cloud strategy for next 3 years involving people, process, technology, and governance. The strategy included a phased approach for application and data migration
  • Reviewed regulatory and compliance impact and steps to be taken to meet security and regulatory needs after transition into cloud