|
Operations Security
It is common for systems administrators to wear many hats
and work from a large backlog of projects.
In the effort to simply to make things work on a tight
schedule, they may use insecure practices that expose the
organization to greater risk.
We review the operations of your information technology
department and help them implement best practices such as
personnel security, segregation and rotation of duties,
least privilege, need to know, change control, due care and
diligence, record retention and documentation control,
resource protection, monitoring and auditing.
Applications and Systems Development
Inattention to security during the development process often
results in software that is vulnerable to attack whether it
is on a network or on stand-alone system.
We review the design and construction of your organization’s
software with regard to security, whether you built it
internally or acquired it from an external developer.
We show your software designers and programmers how to use
secure practices in every stage of the development process.
|
Access Control Systems
Controlling access to information systems is necessary for
the preservation of confidentiality, integrity, and
availability. Confidentiality ensures that the information
is not disclosed to unauthorized persons or processes.
Integrity is the prevention of information modification by
unauthorized users whether intentional or unintentional.
Availability ensures that a system’s authorized users have
timely and uninterrupted access to the information in the
system.
We help you mitigate the risk to your information assets by
developing and implementing administrative, technical and
physical controls suited to your systems, whether they are
distributed or centralized.
We employ both preventive and detective measures using a
layered security approach.
Telecom and Network Security
Your company’s communications often pass over unknown
networks on their way to the recipient.
Without controls to protect the privacy and integrity of
your information, someone may read or modify it along the
way.
Your trading partners may be able to contest transactions
made with your company.
We help you choose and implement transmission methods,
transport formats and security measures that provide
authentication, confidentiality and integrity for
transmissions over private and public networks and media.
We help you protect data, voice, and video communications.
|
Business Continuity Planning and Disaster Recovery
Planning
Companies create business continuity plans to prevent
interruptions to normal business activity and protect
against loss of capital due to a natural disaster, a major
system failure, or a belligerent act.
A disaster recovery plan documents the actions workers will
take before, during, and after a disruptive event that
causes a significant loss of information systems resources.
We help you develop, test and update a business continuity
plan to minimize the cost associated with a disruptive event
and mitigate the risk associated with it. We assist you in
preparing a disaster recovery plan for responding to an
information asset loss, and managing the recovery, salvage
and restoration processes.
|