Secure20 FAQ


Why is Secure20 different from other Internet Security companies?

Secure20 strives to provide the very best in service and attention to clients. We have on staff some of the most experienced and talented professionals in the Information Security field. We have pooled the expertise of many IT security consultants, implementation experts, cryptographers, engineers, network architects and project managers.

Secure20 consists of business-minded IT security professionals who have decided the best way to serve clients is as an independent, fast-moving, fast-thinking security solutions firm. 

 

When was Secure20 founded?

Secure20 started in 1997 as another entity. That entity was founded by two Wells Fargo Bank IT Security Executives. Eventually, that company expanded successfully and was acquired by Certicom, Inc. in late 2000. Business environments change fast; we then split off from Certicom in early 2001 and re-branded as Secure20, retaining our clients and only our most qualified resources.

 

What is your primary business objective?

To assist clients in identifying risks and exposures within their IT infrastructure, and to work closely with them to mitigate known and unknown risks with cost-effective security solutions. Firewalls are not enough. We find that clients have often purchased point solutions when only a total solution will solve the security problem.

 

What kind of clients do you serve?

Our clients range from Banks & Brokerages, to Technology clients, to Healthcare and e-Government. As the highest levels of e-Security are critical to these types of clients, Secure20 brings that expertise to every assignment. Most of our clients are in the Financial and Technology sectors, although we also service clients in Government, Healthcare, and Telecommunications. 

 

Where does Secure20 do business?

Our business began in the San Francisco Bay Area. Now we service clients throughout the nation through offices in both San Francisco and Denver.

 

What are the major causes of Computer and Internet Insecurities today?

Lack of security policies (requirements) to drive good designs for:

  • Applications and Program Code
  • Network Design
  • Cryptography

And...

  • The difficulty in keeping up with software patches
  • Lack of Testing, a Rush to Rollout

Because of the above and more, systems are being vetted on the open Internet and within large Corporate Intranets. This allows people with very little sophistication to take advantage of these open doors and exploits. This has been the case for decades, even pre-Internet, with all software.

 

Are you hackers?

We do perform "ethical hacking" of client systems, networks, and applications, on an engaged basis. We prefer the term "structured vulnerability testing". The purpose of this is many-fold, but basically it is to determine present weaknesses in systems, networks, and applications. Afterwards, we provide new designs and total security solutions towards mitigating the risk of someone else exploiting the same weaknesses.

In fact, the above is only a small part of the e-Security Solutions process. It is a first step towards solving a much larger set of issues. We find almost all networks and applications to be somewhat insecure, with various vulnerabilities. High-security systems are difficult and expensive to build.

See our Assessment Project Scoping/Sizing Form for the information needed to start.

My network is secure, I think, but I have to connect my network to a Business Partner. How can I know they are in fact secure? 

Secure20 specializes in performing "Due Diligence" and "Site Security Reviews" for companies that are connecting their networks with Business Partners, or for Mergers & Acquisition activity. We can help you determine the appropriate steps to take, and we can work with your Partner or Acquisition target to assess their Network and Technology Security Posture in a non-threatening manner. A little Due Diligence can save a lot of headaches post-connection or post-merger.

 

Can you help in criminal investigations?

Yes. We do work in the Computer Forensics and Investigations area. We are experienced in assisting Authorities with crime scene investigations, preservation of evidence, and in audit work to gather evidence. We can also testify to our work in court. See our Forensics & Legal Services.

 

Can you help to provide physical security solutions, i.e., Corporate Protection Services, Bug Sweeps, etc.?

Yes. 

 

Are you familiar with the unique needs of the Healthcare Industry, in particular new HIPAA requirements?

Yes. We are quite familiar with the HIPAA requirements for the healthcare industry. In fact, we provide services in this area, such as our Secure20 HIPAA Gap Analysis service. This service helps you to determine what you need for compliance. Other privacy regulations, such as the Gramm-Leach-Bliley Act, also have impact on a broader scale and are factored into our Gap Analysis services.
 

We may need some assistance. What are the next steps?

Contact us. Our contact information is here at http://www.secure20.com/contactus.html.

We can then work with you to determine exactly what your needs are and what the engagement and resource costs may be for a particular project. Typically, we like to have a phone conversation with a client first, then an exploratory meeting at the potential client's site in order to fully understand your unique needs.