Information Security Services
There are many different approaches to information security. However, we believe that the majority of the policies and processes that make up a secure system should have a pedigree that guarantees that they are effective. To deliver a high-quality end product, we use tools and processes that have been used with prior success. The business needs that we address are:
Security Planning
- Policy
- Risk Assessment
- Continuity of Operations
- Risk Classification
- Acquisition
- Training
- Integration
- Regulatory compliance
Operations
- Incident response
- Change management
- Disaster recovery
- Asset management
- Human resource security
- Physical and environmental security
- Communications management
- Development and maintenance
- Business continuity management
Information Protection
- Encryption
- Public Key Infrastructure (PKI)
- Availability
Access Control
- Identification (e.g. Biometrics, Credentialing)
- Authentication
- Authorization
In broad terms, information security consists of:
- Identifying assets and estimating their value. This includes people, buildings, hardware, software, data (electronic, print, and other), and supplies.
- Assessing threats. This includes acts of nature, acts of war, accidents, and malicious acts originating from inside or outside the organization.
- Conducting a vulnerability assessment and, for each vulnerability, calculating the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, and technical security.
- Calculating the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis.
- Identifying, selecting, and implementing appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset.
- Evaluating the effectiveness of the control measures. Ensure the controls provide the required cost-effective protection without discernible loss of productivity.