Summary

ThreeShield provides proactive information security services so you can focus on what matters: your business.
Our core services include:
vulnerability assessment
risk-based mitigation
ongoing security management & monitoring
PCI, NERC, and other compliance audit preparation

Experience and credentials

Our founder oversees all security engagements.   Armed with Computer Science and MBA degrees along with CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor, PCIP (Payment Card Industry Professional) and other security certifications, Chris easily translates business requirements into security controls. His two decades of experience in information security includes energy companies, such as Syncrude Canada; the Office of the Auditor General of Alberta; banks, colleges, and universities in Alberta; large corporations like United Technologies, Pratt & Whitney Canada, Sikorsky; critical infrastructure; and large cloud-based entertainment infrastructure for Second Life and other organizations.  ThreeShield provides small and medium-sized enterprises the rare opportunity to benefit from his extensive experience at a fraction of the cost. 

 

CUSTOMERS

ThreeShield Information Security provides customized IT security tools and consulting to organizations of all sizes, including the following:
1-Page
Atos Origin
Bell Aliant Regional Communications
Carrier Corporation
Computer Sciences Corporation
Deloitte
Ernst & Young
First Gulf Bank
Government of Alberta
Hamilton Sundstrand Corporation
International Aero Engines
KPMG
NASA
Note-able Music
NORESCO
Otis Elevator Company
Plateau Systems
Pratt & Whitney
Red Link SA (Argentina)
Segurança da Informação e Conformidade
Sikorsky Aircraft Corporation
TOOT'n TOTUM
Towers Watson
United Technologies Corporation
Universidade de São Paulo
UTC Power
Whitecap Resources Inc

APPROACH

ThreeShield provides a low-cost, proactive solution by providing an intense initial vulnerability assessment and risk-based mitigation service followed by an ongoing discounted service to prevent problems.  This proactive approach saves you downtime, money, and stress so you and your IT team can focus on what’s important: keeping your company running.

 

Community Involvement

In addition to being active members of the Information Security community, we proudly support Safe and Secure Online. This is a flagship online safety program that teaches children, parents, grandparents and whole communities how to protect themselves online and become responsible digital citizens.   If you are interested in a free security awareness presentation at your school, library, or other organization, please contact us.

We sponsor several cultural, music, and start-up events in the city of Calgary with the objective of maintaining Calgary as an attractive city for headquarters and to raise families.  However, our focus remains Safe and Secure Online because the security threats that businesses face often extend to employee homes.  Security-conscience families in a vibrant city help to secure our clients.

Our internal Security Practices

During the assessment process, we request your configuration information, policies, and related documentation.  We understand that this is sensitive information and protect it the same way that we protect our own.   Here are some of the controls that we employ:

Encryption

  • Data in transit: All data in transit is encrypted using TLS (SSL support has migrated to TLS; threeshield.ca no longer supports SSL)
  • Data at rest: All sensitive information is encrypted using AES.  Your information is encrypted using an encryption key that is unique to your company.
  • Removable media: All customer data on removable media (including SD cards and USB drives) is stored within encrypted containers, so if it is ever misplaced or stolen, it will remain protected. 
  • Passwords: We use multi-factor authentication that relies on a combination of your email, a cookie that we use to recognize your computer, and your computer's network.  However, during the registration process, we request a password for you to use to confirm your identity in case you need to send us information from a new computer or network (used in combination with email verification).  We never store the actual password.  Instead, we use a slow one-way salted hash called Bcrypt.  This means that even if our password database is compromised, your password will not be disclosed.  If someone tries to "brute force" your password by reverse-engineering the hash, the amount of time it would take to crack it would be infeasible -- much longer than with other industry standards, such as SHA256.

Data Architecture

  • Data disaggregation: instead of storing all of your information in one place or in one record in our database, we store each item separately and do not directly associate it with your company.  We use slow, salted PBKDF2 links to connect your information together.  This means that even if our customer information database gets compromised, our encryption key store gets compromised, and information is somehow decrypted, it would take an infeasible amount of time to figure out which information belongs to which company -- right down to your phone number. 

Data Retention

  • All of your data -- including backups -- will be deleted within 15 days of your request or contract termination
  • All client data that hasn't been modified for 3 years will be deleted.  Most of our clients receive annual in-depth assessments. Retaining information helps to decrease the cost in subsequent years and help to decrease the cost of additional ISO, PCI, NERC, and other compliance efforts.   However, in the third year, information that hasn't been updated will be requested again.  We also provide the option of deleting all data following each annual review.
  • You always have access to all of your data and can modify or delete it whenever you like.

Privacy

We do not rent, sell, or trade any of your information with third parties.

Warranty

We take reasonable steps to maintain the security of the information that we collect, including limiting the number of people who have physical access to our database servers, as well as the aforemntioned encryption, architecture, and other security controls that guard against unauthorized access. However, no data transmission over the Internet can be guaranteed to be completely secure. Accordingly, we cannot ensure or warrant the security of any information that you transmit to us, so you do so at your own risk.

Employees

All employees and contractors with access to customer information are required to complete successful background checks.

Cookies and Third-party content

We use cookies and/or other content from:

  • threeshield.ca and threeshield.com as part of our authentication process and to understand our web traffic patterns
  • CloudFlare to protect against web-based attacks
  • Google Analytics to help understand our web traffic patterns
  • Google, Facebook, and Twitter to track results from advertising on these services
  • MyLiveChat to help us provide you with faster service through live chats
  • Twitter to display our Twitter feed

Advertising

We do not use third-party advertising products such as Adwords on our website.  However, we advertise on other websites.

We do include links to our own products (sold through ThreeShield.com) and links to our partners, including LastPass and Inspired eLearning.

 

Legal

ThreeShield Information Security Corporation is a Canadian federal corporation incorporated under the Canada Business Corporations Act and is registered in Alberta as an extra-provincial corporation.

GST Account #79028 2099 RT0001