The Security Problem

Protecting your data from danger is an important, but tricky job. Doing it well demands careful focused attention that most small IT staffs simply do not have the luxury to afford. Additionally, your IT staff may not be properly equipped or trained to do it well. After all, their daily duties focus on making the network usable so that people can be as productive as possible. Keeping up with the latest security issues can seem like a daunting task. It can be a full time job in it's self. Until a company reaches a certain size, it doesn't seem cost effective to have a full time Information Security Officer or to send their small IT staff to training courses. Sometimes it just makes sense to hire a consultant to get you started. But who will keep up on your security once the consultant is gone ?

Our Solution

Security is about process, not products. Once there is a process, the effort and cost required to maintain a secure computing environment is dramatically reduced. Once there is a process, a system, then there is control. Without a process or a system, there is no control.

Vulnerability Assessment

Our security engineers identify where existing security related processes need improvement. The tool used to assess what improvements need to be made is a Vulnerability Assessment. A Vulnerability Assessment covers three areas: assessment of your current practices (what you actually do), assessment of your policies (what you expect to do), Network-based Security Auditing (what you have done). We run through our checklist of over 100 items in more than 20 security related areas, and deliver you a prioritized list of recommendations. We will also rate your overall security with a standardized score for comparison between assessments.

Vulnerability Awareness Intrusion Detection Patching Procedures Backups Testing Environment Documentation Redundancy Physical Security Inventory Passwords Remote Access

Logging Monitoring Security Policy Virus Protection Routing, Packet Filtering Staff Security Knowledge Legal Issues Web Presence / Information Leakage Penetration Firewalls

Mitigation

Once we have the complete assessment, we help your team plan and execute the steps needed to improve your IT security. We help your staff perform the mitigation steps. Since it's your team that will provide the daily support for your network, we suggest that your team perform as much of the mitigation tasks as possible. We can help you develop missing policies too.



Network Auditing & Scanning

We won't let things decay over time. We will perform weekly external vulnerability tests with our External Scanning Plus+ product, and quarterly internal network testing with our Internal Scanning Plus+ product. These two services help locate common misconfigurations, viruses, backdoors, and software vulnerabilities.



Scaled To Meet Your Needs

Historically, large corporations, Government agencies and other large organizations with a lot of critical information to protect have performed regular ISA's. Some of these large organizations even maintain their own internal teams who are dedicated to performing ISA's and Securing the Information Assets of the organization. This is the practice of companies such as SAIC and IBM.

Depending on the size of the organization and the financial implications of down time, lost data or a security breach, it can be very in-depth analysis. Some businesses may have a higher tolerance for risk to their information, while others are out of business if they lose their database, billing records, or their trade secrets become exposed. Still others operate at profit margins that put them at risk if their computers are down for a day.

Our subscription based packages combine the most cost effective and efficient aspects of these three tools to help you improve your data security and maximize your ability to recover from negative events. We identify existing problems, suggest steps to mitigate them.