Green Delete offers
Green Delete is equipped to handle most threats to your data security. We help your organization secure your data, comply with regulations, and protect itself responsibly and sustainably.
We offer a wide range of data security solutions and a 30-minute free consultancy call. Set up a date and time here.
Green Delete securely eradicates data from data-bearing devices, eliminating the need to destroy valuable assets.
When data overwriting isn’t feasible, Green Delete permanently destroys or degausses digital storage, following NIST standards.
Our Virtual Auditor solution empowers organizations with the knowledge of threats and vulnerabilities based upon consistent and comprehensive assessments. This enables a precise response to meet not only IT compliance requirements but to implement a formal technical information security program. Virtual Auditor provides our clients with a full Governance Risk and Compliance (GRC) solution for Information Security and Data Protection. From policies all the way to technical assessment, Virtual Auditor provides the platform, technology, and a certified expert to support your organization through the entire security lifecycle.
Green Delete’s data privacy and information security experts will review the types of data your organization collects, creates, processes, stores, shares, archives, and deletes. Our certified experts will help your organization build an information security framework that addresses all legal requirements (regulatory), industry requirements (e.g. PCI), and contractual requirements (Contracts, SOW, Customer requirements, BAAs) to build a single comprehensive security framework. Our team can recommend tools and techniques to achieve and maintain compliance with your program’s goals.
Most organizations have some semblance of security policies in existence, but they may be out of date, not comprehensive enough to cover all of the requirements, or there may be so many that no one reads the phonebook-sized policy manual. We de-duplicate, streamline, and match what you have to what you need to reduce work.
Based upon the framework or law applicable to the Company, we perform a gap assessment comparing what is required of the organization (e.g. HIPAA, PCI, NIST 800-53, ISO 27001/02 or many more), to their policies, procedures, practices, and protections. We develop a report that lists the requirements, identifies current control mechanisms and supporting policies and procedures, indicates the gap, and opinions on a level of risk associated with that gap.
With Virtual Auditor’s GRC module, creating a Risk Assessment Report at a moment’s notice internally, or as a part of a validated third party process, is easier than ever and voluminously documented.
Green Delete offers Vulnerability Scanning, Penetration Testing (PEN Test), Application Fuzz Testing (Fuzzing), and Black Box Testing. A GreenScan, GreenTest, or GreenFuzz project is a technical assessment of the infrastructure, systems, devices, and applications that the organization relies upon.
The technical assessment can be elevated to the level of depth that your organization is looking for from passive scanning to Penetration Testing, application Fuzz Testing, and Black Box testing, in increasing order of intensity and thoroughness.
After risks and vulnerabilities are discovered and prioritized, developing a plan to achieve remediation is the next logical step. This is usually required by the regulation or framework impacting your company. We help all of our clients to prioritize risk; what are the biggest issues and where is the low-hanging fruit.
Green Delete can provide incredibly useful and understandable planning documents usually including a Project Plan in MS Project, Excel, or even SmartSheets, a unique Security Roadmap, and an executive-ready remediation timeline. Our clients choose between one of the four acceptable methods of addressing risk for identified elements and then launch into the plan to achieve the decision, and fully document their efforts.
Assessments, Sales, Implementation, and Managed Services. (GreenDiscover). DLP is the only data-aware, technical solution to finding out what type of data an organization has, where that data is stored, who is using the data, how they are using it, when they are using it, and who they are sharing it with.
Our DLP can both search for common data types (SSN, PHI, CC Numbers, more), or, in our Fingerprint mode, take one-way secure hashes of critical data assets and then search for any portion of that data anywhere across: devices, all shares, network traffic, portable media, Email, SharePoint, and more – even if the file is renamed or Zipped. If you have specific data that needs eradicating while the balance remains, we can often assist with that option as well.
Social Engineering Tests are the only safe way to find out if your security control mechanisms, including employee awareness training, are working. Your organization is being social engineered on a constant basis by the bad guys; find out how effective your company is at repelling those attacks without waiting for the result to show up in a headline or being named in a lawsuit. We can phish, phone, or on-site assess any organization.
A Disaster Recovery Plan is a technically-focused plan to enhance resiliency, redundancy, and recovery of technology systems in the event of an outage or downtime. Most companies do not have a DR Plan. If they do, it is incredibly out of date, and those that have anything current usually only have technical scripts and backup tapes / drives. Few have an actual Plan that focuses on crisis communications, order of operations, has standards-based forms in it, up to date contact lists, and other components that are part of planning.
Our DR Planning is based on the Disaster Recovery Institute International (DRII.org ) and NIST 800-34 to develop a standards-based, comprehensive plan. We can also help companies run drills and/or exercises to test if their plan is effective, provide a result’s report, and help them update the plan. Testing of a plan is CRITICAL for the training component. The right time to test a plan is when it is not an emergency.
A Business Continuity Plan is a non-technical plan that helps to continue key business operations in the event of an unplanned outage or unavailability of a facility, subset of employees, or a key vendor. I.T. is just another department in BCP; they should not lead the project. Organizations typically do not know what they do, how they do it, and who it takes to get it done. A BCP will discover and document everything critical to continued operations for your company.
A Business Impact Analysis rates the relative order, from 1 to ###, of the impact of the unavailability of applications, key vendors, and business processes. A BIA will order the in-scope items in relative order of each other, and will rate the impact of unavailability according to Operational Impact, Financial Impact, and Regulatory Impact, as well as identify workarounds or manual processes.
We offer development of process flow diagrams for all of the functions found in the BIA and/or BCP. Green Delete can flowchart, process flow, or swim lane all in-scope processes. Surprisingly, many organizations have no idea how things actually get done. Let us pull back the curtain and document reality.