About AWA
AWA, a division of I.S. Partners, LLC serves as an extension of the controls-based CPA auditing firm and was formed in response to the growing market need for specialized information security services provided by skilled professionals with technical expertise.
Our IT security professionals have practical experience as leaders in the information technology field. They have worked hands-on as CISOs, information security managers, network engineers, IT project managers, as well as security and help desk professionals. AWA International Group utilizes cutting-edge methods and tools to keep your organization secure.
Why Choose AWA?
Our experts provide guidance in utilizing cybersecurity frameworks and controls that are best suited for your organization. The goals are to strengthen your risk posture, data protection, and security standards of your organization. In conjunction with IS Partners, LLC’s established SOC practice, AWA and ISP offer a streamlined path to audit compliance and/or certification.
Examples Of Our Work
- Credit Card Payment Channels
Assessing Effectiveness & Efficiency of Credit Card Payment Channels
A leading North American insurance provider wanted AWA to do an analysis on multiple payment card channels used by the organization. The company wanted to integrate automated payment processes after making multiple acquisitions both domestically and internationally. AWA met with business process owners to understand the scope reduction efforts, such as network segmentation and tokenization. We also analyzed how payment cards are stored and identify strategies to narrow the scope and effort of complying with PCI. AWA also evaluated its technical security architecture and capabilities against best-practice controls used among cross-division security leaders. The results uncovered a suggested integration path and many previously unreported insights about the payment processes throughout the company’s technology landscape.
- Information Security Management System
Evaluating & Transforming the Information Security Management System
As a part of a security transformation, we helped the chief information security officer of a North American financial institution to evaluate their information security management system (ISMS) against the ISO27001 framework as well as their industry peers. The ISMS review was conducted through a series of interviews with key control process owners, walkthroughs of control processes, and review of policies, standards, and control artifacts to determine if key control processes were being performed. The recommendations provided from the assessment helped the company assess the maturity of their controls based on industry peers and improve their overall security posture.
- AWS Cybersecurity Breach
Rapid Response to AWS Cybersecurity Breach
One of our global clients, with headquarters in North America, had a data breach that contained card holder data (CHD). Attackers used a malicious JavaScript code (magecart) to skim and capture the client CHD. Logging and versioning were enabled, which helped the company identify the timeframe when the malicious scripts were in place and which sites were infected. AWA ensured that the incident response policies was followed to contact all affected parties by the company, as well as notifying and working with authorities. AWA worked with the company to establish a process to audit and alerts their Security Operations Center (SOC) when S3 buckets are setup.
Security Framework & Cybersecurity Assessments
By performing a detailed security risk assessment, we can provide a prioritized list of actionable recommendations for improving a company’s security posture. With our highly skilled security team, AWA can assist in remediating all security risks.
Penetration Testing Services
Trying to gain access to your network helps us identify any vulnerabilities that hackers can currently exploit. Then, we recommend upgrades to hardware, firewall, and/or IT policies and procedures for optimal protection. Regardless of your organization’s size and scope, we can help protect against the worst cyberthreats.
Advisory Services
Organizations are increasingly relying on outsourcing to reduce costs and improve organizational focus. Developing a robust risk assessment framework geared toward reducing third-party risk is essential. We do this through a combination of cybersecurity assessments, penetration testing, and advisory services.
- Cloud Environment Security Assessment
- ISMS Risk Assessment
- Virtual CISO / CISO Advisory Services
- GDPR
- Security Infrastructure Implementation & Evaluation
- PCI Transformation
- NERC CIP