Case Studies
The following case studies provide examples of the ways in which
Parenty Consulting has helped numerous enterprises address information
security issues critical to their success.
Promoting Safe Collaboration
Industry: Manufacturing
Challenge: Protecting intellectual property
After a major Asian automobile manufacturer suffered
significant financial losses from the theft of design information,
they developed a new system for worldwide collaboration. We performed
a security assessment to determine if the system was strong enough
to protect sensitive R&D information. The assessment encompassed
the underlying network architecture, data center provision, connections
to preexisting company networks, as well as third party technologies.
Our assessment uncovered numerous vulnerabilities, but our recommendations
enabled the client to reconfigure their existing systems to provide
the necessary level of protection.
Ensuring Sound Financial Transactions
Industry: Banking
Challenge: Preventing insider fraud
After an incident of insider fraud at one of the
largest banks in a north Asian country, we performed a thorough
security analysis of its retail banking and credit card operations.
This entailed a combination of network perimeter testing, security
architecture analysis, and enterprise application assessment. Going
beyond the limited scope of some industry criteria, this assessment
addressed protection issues for all of the software, systems, networks,
and people with access to sensitive financial information and transactions.
This process uncovered numerous system vulnerabilities and provided
the bank with a comprehensive picture of their security posture
as well as actionable recommendations specifically designed for
them.
Expanding China-Based R&D Operations
Industry: Manufacturing
Challenge: Creating a safe environment for high-value intellectual
property
A European-based manufacturer was expanding the
scale and importance of the R&D work being done in China. Given
concerns over increased exposure to intellectual property theft,
Parenty Consulting was engaged to evaluate the design, administration,
and use of systems processing their most sensitive information.
This assessment allowed them, for the first time, to understand
and therefore manage the risks they were facing. Recommendations
covered areas such as the redesign and configuration of software
applications, use of third-party security products, and changes
in the ways their systems are administered.
Promoting the Secure Sharing of Medical Information
Industry: Healthcare
Challenge: Protecting patient information
After a series of incidents in which patient information
was lost from a number of hospitals, Parenty Consulting was hired
to provide strategic remediation direction. Starting with a detailed
analysis of the root causes of these incidents, we developed a methodology
for reducing the exposure of patient records to loss as well as
a series of technological measures to mitigate the remaining risks.
The overall approach included a shifting of greater security responsibility
to system designers and administrators, thus enabling healthcare
providers to focus on their primary caregiving tasks.
Supporting Innovation in a Highly Competitive Market
Industry: Computer gaming
Challenges: Protecting intellectual property and preventing internal
fraud
Employees of a Chinese publisher of on-line multi-player
games used their system privileges to produce, and later sell on
the black market, weapons and other items used in the games. We
were hired to evaluate the system vulnerabilities that allowed
this to happen as well as to assess the security mechanisms in place
to protect new games while under development. This entailed a detailed
assessment of their computing infrastructure and network connectivity
with software development partners. Among other measures, selective
use of encryption and auditing was deployed.
Ensuring a Productive Work Environment
Industry: Manufacturing
Challenge: Protecting employee compensation and benefit information
Detailed salary and personal information on the
Asia-based executives of an American company was posted on a website.
This led to significant discord within their Asia operations and
to the ultimate departure of several executives. We performed a
thorough security analysis of all of the systems and associated
workflow involved in the processing of this information. Our recommendations
not only addressed the threat of an external attack, but also focused
on ensuring that employees could only use sensitive information
for its intended purpose.
Leveraging Outsourced Operations
Industry: Manufacturing
Challenge: Compliance with privacy and financial regulations
The Japanese subsidiary of an American clothing
manufacturer had outsourced its back office and telesales operations,
as well as development of the applications supporting these activities.
We were hired to evaluate compliance with Japanese privacy legislation
and credit card industry security standards within the data center
operations. The results of our analysis, which included numerous
issues that needed remediation, were then used by our client in
contract renewal negotiations with the data center provider.
Protecting Competitive Advantage
Industry: Electrical utilities
Challenge: Protecting customer and revenue information
One of Asia's largest utility companies hired
Parenty Consulting to evaluate the protections afforded its customer
information. The company was concerned about both guaranteeing their
customers' privacy and ensuring competitors could not access
sensitive information. An analysis of customer-related business
activities, the software applications directly supporting them,
and underlying network infrastructure validated best practices already
in place and highlighted compliance and data access issues
that still needed addressing.
Ensuring Integrity of Wire Transfers
Industry: Banking
Challenge: Preventing administrator abuse of privilege
One of the world's largest banks engaged Parenty
Consulting because of their concern over bank employees executing
fraudulent wire transfers. In particular, they were worried about
database administrators with unlimited system privileges. Parenty
Consulting designed a series of security mechanisms using encryption
and auditing to prevent unauthorized wire transfers and to hold
administrators accountable for their actions.
Enforcing Intellectual Property Rights
Industry: Software
Challenge: Successfully resolving patent litigation
A European-founded software company hired Parenty
Consulting when they became involved in a patent infringement case
filed by a competitor in the electronic commerce security market.
Parenty Consulting Managing Director Thomas Parenty, an expert witness
recognized by the United States District Court, conducted a thorough
review of the patent claims, prior art, and competing product features.
The resulting analysis led to the competitor dropping their case,
thus saving our client from further legal costs, negative publicity,
and a distracting lawsuit.
Preventing Credit Card Fraud
Industries: Retail, telecommunications, IT outsourcing, and online
merchandising
Challenge: Complying with credit card security standards
Parenty Consulting has helped numerous companies
throughout Asia, including Hong Kong, Taiwan, Japan, Thailand, and
the Philippines, address Payment Card Industry Data Security Standard
(PCI DSS) compliance. These engagements have included remediation
assistance ranging from the design of secure encryption key management
to the selection and documentation of compensating controls.
Ensuring Biometric System Effectiveness
Industry: Manufacturing
Challenge: Developing effective mission-critical systems
One of the world's leading vendors of biometrics
systems for criminal justice and civilian identification hired Parenty
Consulting to teach their internal staff techniques and strategies
for compromising (hacking) biometric systems. In addition, our engagement
included detailing countermeasures to be included in their own products
as well as in deployed environments, such as police stations. This
helps ensure that these biometric systems are able to fulfill their
operational objectives, even in hostile circumstances.
Securing Nuclear Command and Control
Industry: Government
Challenge: Preventing unauthorized launch of nuclear weapons
When employed at the National Security Agency,
Parenty Consulting Managing Director Thomas Parenty led the team
evaluating the security mechanisms protecting a global nuclear command
and control network under development. This involved assessing application,
operating system, and network security functionality, as well as cryptography.
Mathematical tools were used to ensure the correctness of cryptographic
protocols in compliance with the most stringent security standards.