Information Systems Security Consultant Professionals

ISSCP SECURITY SERVICES

We at ISSCP offer you, our clients, a full range of IS security services, delivered by our team of security professionals.

In Depth Policy Review

Policies and procedures are the foundation of any IS security implementation and its management. How can employees and users know what is acceptable, right and expected of them unless they are guided by the organization's policies? Although organizations may have policies with the same title, the content is often very specific to the organization.

Our approach is to study your business, understand your management style, and help craft, design and present the policies needed specifically for you. Sadly, many copy a policy from another organization. This may at most be a starting point, but it can lead to major problems if left unchecked and not tailor-made to suit your organization.

Allow our team to review your policies and procedures from a security professional's viewpoint to help you make key decisions and close the gaps in your security defense mechanisms.


Risk Assessment


One of the biggest hurdles an organization faces when implementing security is determining how much to spend and what kind of protection to obtain. The simple rule of knowing what your assets are worth, both monetarily and in the informational value they possess, will give you a clear and detailed picture of how much protection is adequate. Do NOT risk your security by providing too little or less expensive security mechanism(s).

CIOs, have you ever wondered how to get the budget you need? Try Risk Assessment! Ask us for more information.

Again, Risk Assessment is a VERY vital tool in determining what security mechanisms are required. How can you defend your organization unless you know:

(a) where the information is,

(b) how much it is worth,

(c) who is accessing it, and

(d) when it is being used?

These are vital questions that Risk Assessment answers so that security can be implemented correctly.

Without a proper and complete Risk Assessment, your security will be weak, inappropriate or ineffective. Many business processes, such as the DRP (Disaster Recovery Plan) and the BIA (Business Impact Analysis), require a risk assessment in order to begin covering what is critical and determining what is not. Do NOT risk your entire business success on a missing or poor Risk Assessment.

 

Security Configuration Review

 

In order for security to remain effective, it must be maintained daily. Too many organizations have a poor change management process, or NO process at all, for dealing with the day-to-day changes that are required.

This leads to failures and quick fixes. One of the worst encountered is the instruction "Allow any/any" added as the first line of the firewall configuration. Great, the problem is solved and all is working, EXCEPT you have just bypassed the firewall's protection capability and may as well not have one at all. Many quick-fix changes lead to bigger problems down the road. Thus all security configurations should be reviewed and checked.

As IS security professionals, we offer our combined skills and expertise to review your configurations and change management process, and to check that configurations are working and effective. In other words, there is no point in having an 8,000-line configuration for your firewall if you only have fewer than 10 devices.

 

Security Project Consultation

 

If security is not your forte, why risk your business? Get a professional team that can analyze your business, identify your business processes and, above all, help you develop the appropriate security posture that YOU require.

This will not only help you defend your business correctly, but will also ensure that you meet industry compliance standards, avoiding the chance of being caught high and dry with inadequate security measures.


Security Analysis


Inside security personnel are an excellent resource to ensure that your company is doing the best it can to protect itself. They are available at all times, they know your business, and they know your staff. But too often they get trapped in corporate politics or remain thinking inside the corporate box.

This is an occasion where an external viewpoint may be of value in the long run, should a major task need to be implemented.

In the financial world, we rely on a third-party auditor for independence and an objective view. In the same way, we rely on an external security advisor for the same independent and objective viewpoint.

It is a requirement of ISSCP that our staff stay at the forefront of what is currently happening in the IS security arena. By accessing our knowledge base, you get the most comprehensive view of your security needs and requirements that can be obtained from the security industry.


Compliance Auditing


In today's e-commerce business world, security has become a major issue. The threats we all face through "information warfare" can be overwhelming. Vulnerabilities are found daily. New virus strains are also released every day. What was a very secure system today may have so many holes in it by the end of the week that it resembles Swiss cheese. Given this rapid change, it is an important fact that many businesses took shortcuts to cut budgets and trimmed security clean out of the picture.

But today there is a whole new approach. Many companies are starting to hire CSOs (Chief Security Officers), CPOs (Chief Privacy Officers) and a whole security compliance department that constantly evaluates the risk status of the organization. This information is fed to senior executives so they can plan and manage what to protect next. After all, senior management is always ultimately responsible for the security and risk of the organization.

Based on this and on obvious mismanagement problems such as Enron, compliance laws (SOX, HIPAA, GLBA, PCI, FISMA, etc.) have been introduced and enforced. ISSCP calls this the alphabet soup of compliance.

For most senior executives (CFOs, CEOs), the possibility of time in jail is not what they had in mind when they assumed the task of running a large organization, but with one misstep in security this could very easily be the next stop on their career path. (Just ask the two former executives at Enron.)

What is amazing is that many senior executives at smaller businesses still do not see this 4+ years later! Many small and medium-sized companies have the same grasp on security today as they did 4 years ago. Their security is non-existent.




