executive and technical leadership for SSAE16/SOC 1 and 2, PCI, and HIPAA areas.
Daveler has dealt with many legal/regulatory, compliance and security issues. Recent projects included performing a full PCI
DSS 2.0 readiness assessment of a medical device division of a large multinational corporation, leading the SOC 1 Type 2 certification
efforts for a leading prepaid debit card company, and leading the efforts for a top cloud provider in attaining its
SOC 2 Type 2/3 compliance certification.
All projects required a deep knowledge of the compliance requirements, as well as leading the work from both a project
management perspective and a technical design, review and remediation perspective. These projects
also involved extensive, regular communication with management, business divisions and outside auditors, as well as regular internal
status reports and briefings.
Below are a few examples of compliance project engagements:
HIPAA Security Readiness Assessment, Independent Benefits Administrator.
- Currently performing a complete HIPAA security readiness assessment of the potential risks and vulnerabilities to the confidentiality,
integrity and availability of electronic protected health information (ePHI) against the HIPAA control requirements.
- Performing external and internal vulnerability assessments of infrastructure devices and servers using QualysGuard;
providing detailed analysis of findings and remediation requirements.
- Using an innovative quantitative evaluation that provides appraisal ratings of administrative, technical and physical controls for
each major area within the HIPAA security standards.
Leading Cloud Services Company.
- Led efforts to successfully attain SOC 2 Type 2 and SOC 3 compliance certification within 60 days.
- Implemented additional controls for even greater security of internal corporate systems.
- Chaired a Data Loss Prevention (DLP) working session for an independent investment and wealth management firm (a customer
of the cloud services company). Presented several design and operational improvements for the environment.
- Provide CISO-level guidance and advice to senior management on strategic and operational security requirements for
internal corporate and customer environments.
PCI Readiness Review, Medical Device Division, Multinational Corporation.
- Completed a PCI 2.0 readiness review, including issuance of a full report covering all 12 PCI areas and remediation
requirements. Work completed in the client-required 30-day period.
- Created as-is and proposed PCI-compliant and secure infrastructure network diagrams.
- Reviewed all operational and technical areas, including policies and procedures, infrastructure design, application development, and
global office connectivity.
- Identified areas of non-compliance and required remediation efforts, and prepared a presentation for senior management.
Infrastructure and Security Review, Proposed Data and VoIP Re-Design Project, Midwestern USA Regional Medical Center.
- Reviewed all design documents and infrastructure, and interviewed IT staff to ensure HIPAA
- Reviewed Nortel and Cisco router and firewall security configurations, as well as the design and security of VLANs for
hospitals, clinics and business partners. Identified key areas for security improvement. Recommended
a meshed, high-availability core and edge firewall design for increased security and throughput.
- Made additional security recommendations for Intrusion Detection and Prevention (IDS/IPS) systems in critical areas,
centralized logging and analysis of all log files from infrastructure devices and file servers, and policy manager software
to push security and management policies out to infrastructure devices and to enforce policy compliance on end devices
connecting to the network.