Security Assessment Risk Assessment IT Security Audit Penetration Testing Social Engineering Application Testing Wireless Assessment Security Training

Products

Regulatory Compliance Software – TraceCompliance Manager Risk Management Software – Trace Risk Manager IT Audit Management Software – Trace IT Audit Manager Compliance Monitoring Software – TraceComply Vulnerability Scanner – TraceAssess Policy Management Software – TracePolicy Training Software – TraceTrain Security Awareness Program Information Security Policy Development TSCM Implementation Program Security Compliance Tools

Secure Communications – TraceTunnel Multi-Factor Authentication – TraceAuthenticate

Industries

Credit Union Banking General Business / Retail Education Government Healthcare Electric Power

Resource / Media Center

In the News Events Webcasts Educational Articles Customer Successes Whitepapers Press Releases Video Testimonials Security Awareness Toolkit

Company

Overview Management Board Contact Us Partners Associations Careers Support

About TraceSecurity

TraceSecurity, the leading pioneer in cloud based security solutions, provides security compliance and risk management solutions for the Fortune 2000 market. The company delivers cloud-based services that help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture.

Through a combination of its software and professional services solutions, TraceSecurity helps clients address all critical components of a successful IT Security Compliance program, including people, process and technology.

TraceSecurity’s flagship solution, TraceSecurity ComplianceManager 5.0 (TSCM), is the first comprehensive cloud-based platform to integrate and automate vulnerability assessment, vulnerability alerting, regulatory compliance audits, policy management and dissemination, file/URL integrity monitoring and employee education and testing.

In addition, TraceSecurity has developed separate Risk Management and IT Audit Management products that can be seamlessly integrated into ComplianceManager.

The company's expert professionals provide comprehensive security assessments that include vulnerability assessments, penetration testing, application layer testing, IT audits and risk assessments. The team also provides security policy development, security awareness training and social engineering assessments.

With over 1,200 customers representing over $500 Billion in assets, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, insurance, government and other regulated sectors.

With TraceSecurity powering your security and compliance efforts on your IT network, disparate systems are eliminated as TraceSecurity simplifies your assessment and audit process, optimizes your policy controls, and streamlines your training to create a secure and compliant IT environment and enterprise.

TraceSecurity transforms your security and compliance operations into a well-oiled machine and cultivates an environment that increases your customers’ confidence, empowers your employees and improves your company’s entire IT security and compliance posture.

Because TraceSecurity’s software solutions are primarily web-based applications, there is no need for customers to dedicate many internal resources. Any authorized user has on-demand access - anytime and anywhere - through an internet connection.

TraceSecurity’s solutions are designed to provide the maximum benefit to our clients while saving them time and reducing expenses. Organizations can leverage TraceSecurity’s services and software to:

TraceSecurity’s solutions were designed to help our clients save both time and expenses. Partnering with TraceSecurity can help:

Meet and exceed IT Security Compliance regulatory requirements

Eliminate unnecessary IT, vendor and employee expenses

Streamline security compliance program

Improve the process of creating and disseminating policies

Develop standard, repeatable compliance processes

Reduce the amount of time preparing for examiners and audits

Enhance security compliance and awareness training programs

What makes TraceSecurity different?

Unlike traditional vendors who offer one-time services, TraceSecurity’s customers have access to teams of security experts who provide complete support and consultations through every phase of the client’s engagement.

By leveraging the combination of professional services conducted by certified engineers with a complete set of web-based tools to manage the core components of an information security program, we are able to provide the most efficient and comprehensive integrated solution for your IT Security Compliance, Risk and Audit needs.

We also help organizations avoid conflicts of interest with their managed IT vendors. TraceSecurity is not involved in the design, installation, maintenance or operation of our customers’ systems, which allows TraceSecurity to provide a truly independent assessment.

Because TraceSecurity’s software solutions are web-based applications, there is no need for customers to supply dedicated servers or be burdened with constant upgrades! Plus, any authorized user has on-demand access - anytime and anywhere - through an internet connection.

TraceSecurity is recognized by national media outlets as experts at combating social engineering. Our exploits have been spotlighted by numerous media outlets, including television networks like NBC Nightly News, CNN, CNBC, FOX News and NBC’s Today Show, plus leading publications like Business Week, the LA Times, Fortune Magazine and the New York Times.

As a customer, you will have full access to Customer Support throughout the term of your contract, Monday-Friday, 9am-6pm (ET). Expert assistance is available via:

Security Analysts to discuss your reports

IT Specialists to discuss your IT (e.g., vulnerability data) questions

Regulatory Specialists to discuss your regulatory questions

TraceSecurity's Core Solutions include:

Comprehensive Security Assessments (CSA)

TraceSecurity’s Security Assessments (onsite or remote) include a baseline assessment of your networks to determine the adequacy of existing security measures and to identify vulnerabilities. TraceSecurity also includes access to TraceSecurity ComplianceManager software which provides on-demand access to a host of security compliance tools.

Risk Assessments

TraceSecurity’s experts measure the individual risk level of each information asset as they relate to Confidentiality, Integrity and Availability (CIA). This process determines what types of controls are required to protect the organization and also provides a framework to prioritize remediation. The entire Risk Assessment process is captured and managed through TraceSecurity’s RiskManager module, which automates the process and provides a foundation for future Risk Assessments.

IT Security Audits

The TraceSecurity IT Security Audit tests and validates the existing security controls that are deployed on a network and compares the results to FFIEC requirements and international Best Practices standards. The entire process, including documentation of each individual step, is compiled into a comprehensive report that satisfies compliance regulations and helps streamline the audit process. The IT Security Audit process is managed through the TraceSecurity IT Audit Manager that automates the process and provides a foundation for future IT security audits.

Penetration Testing

TraceSecurity provides both External and Internal penetration testing services. External penetration tests examine external IT systems for weaknesses, then mimics the actions of actual attackers by exploiting those weaknesses to gain greater access to the network, thus disrupting the confidentiality, integrity or availability of the network.

Internal penetration tests examine the IT systems behind the network perimeter (servers, workstations, etc) for any weaknesses that could be exploited by an attacker. These tests are typically performed onsite, but may be carried out remotely.

Social Engineering Engagements

With over 1,000 Social Engineering attempts for a variety of organizations around the world, TraceSecurity is considered to be a foremost authority in Social Engineering safeguards. Prior to the Social Engineering engagement, the TraceSecurity team develops a comprehensive and thorough plan of action customized to the unique needs of each organization. After the engagement, clients receive a comprehensive reports from which customized training can be developed either on-site or delivered remotely through TSCM.

Information Security Training

TraceSecurity provides a unique solution for developing and managing a customized security training program. Organizations can leverage TraceSecurity’s cloud-based platform to customize online educational courses for multiple groups, administer tests to staff and have the results automatically be logged and tracked. Our new web-based training series, the TraceSecurity Security Awareness Program, is designed to educate employees and influence their behavior by increasing their knowledge of security, help them better understand potential threats and show how they can help reduce the risks. TraceSecurity also offers on-site security awareness training by industry-leading experts.

Web Application Testing

TraceSecurity’s Web Application Tests are performed by expert analysts using an almost entirely manual methodology. The manual process accurately identifies far more vulnerabilities than using only automated scanning tools, thus, ensuring your applications are highly secured. Web Application tests reveal potential vulnerabilities that may result from improper system configurations, hardware or software flaws, or any weaknesses within the application’s existing countermeasures.

TraceSecurity provides clients with a comprehensive web-based portal, TraceSecurity Compliance Manager™ (TSCM), that provides access to a variety of tools clients use to manage all the processes of an information security program.

All the critical components of information security are contained in TSCM, including information assets, policies, vulnerabilities, and the institution’s regulatory compliance posture. TSCM helps organizations by offering:

Simplified security with easy to understand language for policy, remediation, regulations, and standards compliance
Automated, knowledge-based software solution that is updated when new threats, vulnerabilities, policies and regulations change
Continuous monitoring of the security process - not just a point in time. TSCM empowers institutions to monitor themselves with the software, or have the option of using TraceSecurity services
A consistent, repeatable process that measures your organization’s security posture the same way every time
Customized, detailed vulnerability and compliance assessment reports that identify areas of vulnerability and provide detailed recommendations for remediation necessary to exceed regulatory and standards compliance mandates

TSCM includes the following standard modules:

TCSM Module	Benefits
TSCM Dashboard	The Dashboard provides a snapshot view into vulnerability status, policy acceptance, compliance statistics, etc.
TraceAssess	Allows the organization to conduct unlimited, on-demand network vulnerability scanning. MORE DETAILS
TraceComply	Facilitate an ongoing review of its compliance with relevant industry security requirements. MORE DETAILS
TracePolicy	Reduces cost and effort in creating/distributing policies and reporting on acceptance of those policies. MORE DETAILS
TraceTrain	Allows the creation of internal training of employees on policies, security and other topics. MORE DETAILS
TraceReport	Provides on-demand board, management, auditor, and technical reporting for all TSCM modules.