Risk Assessment

Cobaltix Compliance conducts risk assessments with the client in mind, utilizing a customized top-down and inside-out approach. Risk assessments evaluate a company’s risk to reputation, assets, people, privacy, and integrity of systems, and its risk of data loss. We work extremely closely with our clients. Our aim is twofold: we look to improve the security infrastructure and environment of our clients, protecting them from potential breach and attack, and to make sure they are 100% compliant with the latest regulatory requirements.


Vulnerability Assessment

Cobaltix Compliance performs vulnerability assessments on external networks, internal networks, and company websites. Clients frequently ask us to examine their websites that are hosted with a third party, and we often find security flaws. The process has multiple steps which are carefully designed to be performed in an unobtrusive manner by an experienced security engineer. We provide both a detailed technical breakdown for IT staff and a brief executive-level summary with recommendations for remediation. At the request of our clients, we have also worked with third-party hosting companies to help address website vulnerabilities.



Vendor Due Diligence

As most companies now have a great deal of data in the cloud, security risks at third-party vendors are just as important as the organization’s own. Regulators recognize this as well, and have been focusing on this topic in recent audits and examinations. Cobaltix Compliance will conduct a due diligence report on each of the client’s vendors, checking for certifications, track record, reputation, and reliability. The due diligence review provides assurance that a vendor or potential vendor is stable and has both a reputation and practices indicating that it is secure. On multiple occasions, when a vulnerability was discovered on a cloud provider’s website, our team worked with the provider’s technical team to provide detail on how to remediate the vulnerability.


Penetration Testing

Cobaltix Compliance approaches penetration testing as a proof-of-concept to exploit vulnerabilities that have been discovered during in-depth reconnaissance. Our security engineers use industry-standard tools and workflows, tailoring each engagement to best suit our clients, in order to find and exploit vulnerabilities. We provide detailed reports, written for both an executive and a technical audience, with findings and recommendations on how to fix or defend against the vulnerabilities discovered.



Policies, Procedures and Practices

Cobaltix Compliance creates and reviews policies and procedures on behalf of our clients. Policies and procedures, and their implementation, are incredibly important from a regulatory perspective—these are often the main elements that regulators look at. We use a hands-on client-focused approach to create new policies from scratch as well as to review existing policies, making sure they encompass the organization’s standards and meet the latest regulatory requirements. Our team has experience in a wide variety of business and technology areas, some of which include:


  • Cyber Security Policy
  • Disaster Recovery Plan
  • Business Continuity Plan
  • Data Protection Policy
  • Remote Access Policy
  • Lost/Stolen Laptop Policy/Procedure
  • New Hire Procedure
  • Termination Policy
  • E-mail Retention Policy
  • E-mail Usage Policy
  • Removable Media Policy
  • Bring Your Own Device Policy
  • Network Security Policy
  • Wireless Security Policy
  • Server Security Policy
  • Workstation Security Policy
  • Mobile Device Encryption Policy
  • Software Installation Policy
  • Administrative Credentials Policy
  • Data Breach Response Policy
  • Server Backup Policy
  • Workstation Backup Policy
  • Application Acceptance Policy
  • IT Equipment Disposal Policy
  • Cloud Services Policy