Sample Project List
Procyon has been involved in a range of private and public sector projects and, for the past four years, has been heavily
involved in providing services to British Columbia's central government and health care sectors.
The following is a representative sample of Procyon Projects:
Performed external and internal penetration testing for a major regional college. Scope included review of network
architecture, network and application vulnerability scanning, and manual testing of network and application security.
Multiple reviews of corporate security policies and on-site review of security practices for a provincial energy
management organization. Compared policies and practices against ISO 27002:2005 using a formal capability maturity model
to identify areas of security management strength and weakness and to compare year-to-year results.
Provided an eHealth Security Architect and an eHealth Security Analyst in support of the BC Interoperable Electronic
Health Record / Provincial Lab Information System (iEHR/PLIS) project. The iEHR/PLIS project involved the development
and implementation of a Canada Health Infoway (CHI) EHRS architecture blueprint compliant system using HL-7 based messaging
to collect and distribute lab messaging across health organizations.
Procyon's direct contributions to the project included the following tasks:
- Developing solutions architecture and business requirements for critical application components with
a focus on security and identity management functions.
- Developing an extended risk assessment methodology and reporting template based on the
provincially prescribed IRAM STRA methodology,
and executing multiple Security Threat Risk Assessments against the overall infrastructure
and connecting organizations following that methodology.
- Representation on various working groups to ensure identity management integration with
existing and planned core government and health organizations' network and identity management
infrastructures.
- Acted as project representatives for the BC eHealth Security Working Group (eSWG), which focused on development
of privacy and security compliance requirements mapping between Canada Health Infoway (CHI) privacy and
security architecture and provincial information security policies and core policies and procedures
manual.
- Mapped compliance of solution design and planned operational policies and procedures with CHI privacy
and security architecture requirements and BC information security
requirements (based on ISO 17799/27002).
- Acted as an interim operational security resource for the initial production release of the
application prior to on-boarding of early adopters.
- Performed detailed application security testing in support of acceptance testing, including design
and execution of security test cases against all components of the iEHR/PLIS solution.
- Conducted network penetration testing against both test and production environments.
Procyon's consultants managed the development and implementation of a password synchronization and self-registration system for CareConnect,
a Vancouver Coastal Health multi-application electronic health record (EHR) system, including connectors to multiple
network operating systems and custom connectors to clinical applications in a multi-domain, multi-forest Active Directory
network environment.
Performed a Sarbanes-Oxley compliance assessment using CobiT in preparation for an upcoming SOX compliance audit for a major
Canadian mining organization. After the assessment Procyon also designed a remediation plan and helped to develop formal
security management policies and procedures.
Development of an Identity Management strategy encompassing automated provisioning, automated authorization workflows, password
self-service, username/password synchronization, etc., for Vancouver Coastal Health Authority. The project involved modeling
existing user management processes, conducting a technology survey for IDM solutions, and formulating a detailed strategy.
Provided input on a number of Identity Management related initiatives including development of password policy and of challenge
question strategies for authentication.
Procyon's consultants conducted recurring network vulnerability assessments for a major Canadian insurance company including internal and external port scanning,
vulnerability testing, manual exploitation of findings, manual review of server configuration, manual firewall rule assessment,
and custom development of year-to-year results reporting.
Performed internal and external port scanning, vulnerability scanning, and findings resolution in support of a major internal
security audit for a major municipal government network covering 139 target servers.
Developed a corporate information security risk assessment methodology for a major Mid East oil company and conducted security threat and risk
assessments on several systems as a means of proving the methodology and transferring knowledge to staff members in the
company's Information Protection Division.