Information Security
Consultants provides you with the tools you need to
secure your enterprise.
We offer a wide range of
services including:
- Security surveys
- Policy & procedure plan design
- Disaster recovery plans
- Security awareness training
- Vulnerability assessments
- System hardening
- Compliance programs
- Computer forensics
Focusing on the entire flow of
information, not just the Information Technology department,
we help you redefine your corporate culture to secure your
information assets.
Together we will design the policies
and controls you need, controls which are traceable to
established standards and which meet your internal
requirements and your external obligations.
By skillfully blending these
services, we can help you achieve security in-depth.
Call Us Today at (772) 781-7300
You will find we are enthusiastic and
passionate about what we do.
Security Survey
Once optimum levels of protection have been determined, a security
survey will reveal areas needing improvement, such as:
- Administrative Procedures: Policies, Management Practices, Configuration Controls
- Personnel Issues
- Employee Training
- Physical Security
- Access Control
- Backup Procedures
- Software Application Security
- System Architecture including Servers, Workstations, Routers, Firewalls, IDS, Modems, etc.
- Patch & Revision Level Control
- Laptop & Wireless Devices
Policy & Procedure Plan Design
Policies are the blueprint for your
information security activities. Effective policies must cover
all relevant areas without limiting your business activities.
They must be carefully tailored to your environment and
reinforce, rather than weaken, your corporate culture. They
must provide for reasonable expected growth, as well as
current concerns. These policies and procedures must be
periodically reviewed and updated.
Disaster Recovery Plans
Sixty percent of companies which suffer from
natural or man-made disasters do not survive. For this reason,
Disaster Recovery Planning which provides for timely
restoration of vital business functions must be an integral
part of your security program. These plans can take many forms
and can be quite simple or very elaborate. We will work with
you to design, implement and test plans to meet your business
requirements.
Security Awareness Training
Security awareness training is as important as any
of your technical safeguards, perhaps more so. Social
engineering attacks are common and extremely effective. Your
personnel are your first line of defense. They must be fully
aware of your policies and procedures, and understand their
importance. It is imperative they understand your objectives,
enabling them to adapt to changing situations. We can provide
customized, on-going training programs to prepare your people
for the challenges they will face.
Vulnerability Assessment
This involves evaluating your company's
information assets, the type and degree of risk to which you
are subject, and establishing plans to protect those assets.
System Hardening
System
hardening involves selecting and installing the optimum
hardware and software products, then configuring them to
established benchmarks to minimize the risk of intrusion, data
loss or compromise. This sometimes involves evaluation of your
software applications for vulnerabilities, as well as
examining the systems on which they run. We can
work with you to achieve the level of security you require.
Compliance
We help you
meet the requirements of all the current and future federal
and state information security regulations, and any newly
proposed legislation which may apply to your business.
Our programs include:
- Health Insurance Portability and Accountability Act
(HIPAA) compliance
- Sarbanes-Oxley compliance (SOX)
- California SB1386 compliance
- Gramm-Leach-Bliley Act (GLB) compliance
Computer Forensics
A forensic examination is quite different than a casual look
through a computer. It must be performed in a legally sound
manner, so that the evidence will be admissible in court, if
necessary. We follow a strict, carefully developed set of
procedures addressing security, authenticity and
chain-of-custody of the original media. Simply powering up a
computer may result in many files being changed, thus
endangering admissibility.