Cerberus has performed a variety of assignments over the years. Our experience is proven and our clients are satisfied. The following is only a partial listing designed to show the extent of our experience.

Following is a small sampling of assignments we have performed:

. SOX Controls Implementation . Security Governance . Security Policy and Standards . Network Review . Government Agency Fraud Investigations . Security Architecture

Following is a small sampling of organizations we have completed work for:

. Service Bureau . Financial Institution . Telecommunications . Utility Company . Medical Bureau . Government

SOX Controls Implementation

Implemented a variety of security controls to assist an organization located in central Asia to comply with Sarbanes-Oxley legislation (they were listed in the USA stock exchange). Client had a number of Unix and Windows platforms with very little formal security in place. Extensive implementation of controls was required in a very short time period. Though aggressive scheduling was required, we managed to provide all contracted services in a timely manner, meeting all objectives. This was achieved despite various issues with government overthrows that occurred while we were onsite and general difficulties in obtaining products in that particular part of the world. Back

Security Governance

Assisted a client with their implementation of corporate security governance. Built effective Policies and Standards, created an Awareness program and helped design security reports and appropriate logging. This major utility continued to enhance their security program using that work as a base. Back

Security Policy and Standards

We have assisted many organizations with their Security Polcies and Standards. We have designed and implemented numerous Standards and built effective Policy statements for senior managment sign-off. Additionally, we have provided many organizations with effective, efficient audits of their existing inforamtion security policies and standards, helping them find gaps and weaknesses for later correction. Back

Network Review

Performed a technical review of a mission critical network for a major vendor whose products are brand name and easily recognizable. We reviewed their head office network as well as their factory locations to ensure they had up-to-date and effective security processes, standards and technologies. Back

Provided Government agency with Fraud Investigation

Carried out several forensic investigations for different government agencies to assist them in defining the extent of employee fraud and violations of standards. The reviews encompassed assessing hard drives and log files from various sources to determine inappropriate data, use of business assets for personal gain and other fraudulent activities. Back

Security Architecture

Developed a security architecture for a major North American utility company. The architecture document set out the security needs, expectations and responsibilities of the various divisions and established a cohesive understanding of information security throughout the company. In addition, we designed and developed a set of comprehensive security Standards covering Internet, Virus Control, Electronic Mail, Windows NT, NetWare and Unix that were approved and implemented. Back

We have performed work for a wide variety of organizations.

Service Bureau

We performed a preliminary security review of this client's information processing (relating to internal controls over sensitive data) and overall security standards and procedures. The project's purpose was twofold: to determine the extent to which they comply with customer requirements for information security and to provide immediate tactical improvements; and to develop a viable action plan to implement a more thorough and structured approach to information security for the future. Back

Financial Institution

We provided technical expertise during their initial PCI compliance review. Working with PCI officials, bank staff and external auditors we helped ensure that the organization achieved PCI compliance. Back

Telecommunications

At this client we provided hands-on expertise and administrative assistance for their security administration area. Faced with a sudden departure, the client needed fast, effective replacement to ensure that their clients were not impacted. On two separate occasions over the years we have provided experts in CA-Top Secret and then RACF to supplement their day-to-day security administration, usually for a three month period while new staff was sought, hired and trained. Back

Utility Company

We have provided extensive assistance to this large utility company. Our help has included administrative support for their Novell LANs and their mainframe security product (two people fulltime); a complete set of Security Policy and Standards customized to fit the GSSP draft document; a security procedures manual; and management support on general security issues. The Generally Accepted System Security Principles (GSSP) document is produced by the Information Systems Security Association (ISSA). Back

Medical Bureau

We assisted this client with an in-depth security review of their heterogeneous environment and provided them with a number of sound recommendations for improvement. Additionally, we documented a clear set of baseline Security Standards covering all their computing platforms. Back

Government

We have performed numerous assignments for both Provincial and Federal governments.