Security Management Practices

You classify the information that your organization produces according to the company’s sensitivity to its loss, improper modification or disclosure. You cannot eliminate risk, short of ceasing operations. You manage risk by defining what level of risk the enterprise can safely tolerate and continue to function effectively, and working to reduce the risk to that level.

Using the management practices of data classification and risk management, we help you identify information assets, assess their value, and rate their vulnerabilities. We assist you in categorizing threats by their likelihood and potential impact, and selecting appropriate safeguards. We then help you formulate security policies, standards, guidelines and procedures.

Operations Security

It is common for systems administrators to wear many hats and work from a large backlog of projects. In the effort simply to make things work on a tight schedule, they may use insecure practices that expose the organization to greater risk.

We review the operations of your information technology department and help them implement best practices such as personnel security, segregation and rotation of duties, least privilege, need to know, change control, due care and diligence, record retention and documentation control, resource protection, monitoring and auditing.

Applications and Systems Development

Inattention to security during the development process often results in software that is vulnerable to attack, whether it is on a network or on a stand-alone system.

We review the design and construction of your organization’s software with regard to security, whether you built it internally or acquired it from an external developer. We show your software designers and programmers how to use secure practices in every stage of the development process.

Access Control Systems

Controlling access to information systems is necessary for the preservation of confidentiality, integrity, and availability. Confidentiality ensures that the information is not disclosed to unauthorized persons or processes. Integrity is the prevention of information modification by unauthorized users whether intentional or unintentional. Availability ensures that a system’s authorized users have timely and uninterrupted access to the information in the system.

We help you mitigate the risk to your information assets by developing and implementing administrative, technical and physical controls suited to your systems, whether they are distributed or centralized. We employ both preventive and detective measures using a layered security approach.

Telecom and Network Security

Your company’s communications often pass over unknown networks on their way to the recipient. Without controls to protect the privacy and integrity of your information, someone may read or modify it along the way. Your trading partners may be able to contest transactions made with your company.

We help you choose and implement transmission methods, transport formats and security measures that provide authentication, confidentiality and integrity for transmissions over private and public networks and media. We help you protect data, voice, and video communications.

Business Continuity Planning and Disaster Recovery Planning

Companies create business continuity plans to prevent interruptions to normal business activity and protect against loss of capital due to a natural disaster, a major system failure, or a belligerent act. A disaster recovery plan documents the actions workers will take before, during, and after a disruptive event that causes a significant loss of information systems resources.

We help you develop, test and update a business continuity plan to minimize the cost associated with a disruptive event and mitigate the risk associated with it. We assist you in preparing a disaster recovery plan for responding to an information asset loss, and managing the recovery, salvage and restoration processes.