practical information security

Service Offerings

Crimson Security provides consulting services that are tailored to each organization's particular security needs.

Crimson Security Assessments

SSAE 16 Audits

Crimson Security offers SSAE 16 and SOC audits through our partner accounting firms.

Penetration Testing

Crimson will conduct full-scale penetration testing against clients’ information systems infrastructure. Crimson prefers to conduct “full knowledge” penetration tests, and will deliver a comprehensive report on all areas of potential data leakage or full breach.

Vulnerability Scanning

Crimson will conduct internal and external automated scanning using multiple tools, testing for the same vulnerabilities in different ways and providing manual verification of positive results.

Vendor Security Management

Crimson provides comprehensive vendor security compliance and maintenance for companies that need a simple way to evaluate, rate and manage security issue remediation of their vendors and partners.

Incident Response Services

Crimson will provide planning help and implementation guidance in creating a company-appropriate incident response (IR) plan, including training and testing of the plan.

Crimson will also provide resources in the case of a security incident to help in containment, recovery and investigation operations.

Forensic Analysis Services

Crimson will conduct comprehensive forensic analysis on any suspected incident.

Security Monitoring – SIEM services that are compliant with any of the above standards

  • Implementation (installation and configuration) of the application for monitoring purposes
  • Training current staff in identifying security alerts that would need investigation
  • Providing escalation for any alerts that are deemed to be serious
  • Monitoring covers logs, IDS/IPS and antivirus.

Remote Pre-Audit Preparation

Crimson Security is dedicated to seeing its clients create a more secure environment. With that in mind, prior to our on-site visit, we will go through all the PCI requirements and documents in a series of conference calls. These calls give our clients the proper lead time needed prior to our on-site visit, and help gauge the immediate security needs which may require remediation time.

Remediation Assistance

Most security auditing companies conduct ‘white glove’ audits and then leave the site. Crimson Security offers tangible and practical solutions before, during and after the audit is completed. Since we do not partner with any software or hardware vendors, our recommendations are truly unbiased and are based on the practical business needs of each client.

It is our goal to help raise your security posture, which allows you to do business in any vertical market with confidence. Our technicians will explain why a certain risk is a risk, not just report that something has been found. Remediation through knowledge transfer and training is our forte.

Remediation assistance items include (but are not limited to):

  • Policy & procedural templates
  • Network topology re-configuration
  • Firewall & router configuration and recommendations

No Limit Policy

When we review your company, we give you a top-down, full-coverage assessment. We put no limits on the devices we test and no limits on war dialing. While we believe the use of security tools is important, what good does it do if their use is limited? A limited scope gives you a narrow view of your security. Crimson wants you to have the whole picture, and a report that reflects it.

Detailed Reporting

Crimson Security believes in reporting that everyone can understand. Our reports can be broken down at the executive level as well as the IT level. The reports are not canned and are unique to each client. An easy-to-use checklist is included in the reports, prioritized by risk and recommended ‘time to fix’. Reports are written generically, so you can use them to obtain business with any of your potential and existing partners.

Crimson Security is completely flexible on when our audits are conducted. We offer our clients off-hour and weekend assessments to work around daily production at no additional cost.

No Hacker Policy

Simply put, we do NOT hire hackers, although our competitors have been known to (and oddly enough, admit to). Every Crimson technician is either a CISSP or has attended at least one GIAC certification course. Many also maintain current certifications with Cisco, Microsoft, Novell and Checkpoint (to name a few). We believe in putting honest security certified technicians on site.

Ongoing Technical Support

Upon completion of the assessment, our clients are advised that they can call us at any time with questions they may have relating to the assessment report. Our support hours are Monday through Friday, 9am – 5pm EST.

Owner Accessibility

When possible, one of the owners of our company will be on site to participate in or manage the assessment.

Real World References

Crimson Security will align you with another company in your vertical market and of similar size. We believe you should hear what our assessments are like from a similar company, rather than from a company that looks and feels nothing like yours. If you would like references, you need only ask.

We are one of the best reviewed Security Assessment Firms in the US.

If you want to be represented by one of the best Security Assessment Teams for your security, do not hesitate to send us an email!
