The business climate has changed so that security has become one of the most critical elements in ensuring an organization's continuity of operations. Security vulnerabilities, threats, policies, procedures, and technology need to be addressed in a focused, and continual manner.
Legal issues such as SARBANES OXLEY, PIPEDA, and Securities Regulations are driving the demand for organizations to audit their infrastructure, and ensure that all internal information and systems are protected and secure.
Additionally, as a condition of business, organizations are considering it prudent to ensure that their operations and infrastructure have been assessed by neutral third party expertise using IT security standards. This provides for a security level setting and a degree of comfort for both external, and internal business partners
The Consulting Practice has developed a suite of solutions that addresses all aspects of an organizations security from a technological perspective. Our CISSP certified engineers have performed security assessments for all different aspects of IT Security within various industry sectors: Government, Financial, Communications, Manufacturing, Legal and Distribution.
Our Security*Assessment can be the initial step undertaken to tackle the challenges associated with security vulnerabilities. Our organization follows standard security guidelines to determine what policies/procedures are in place within an organization. We also conduct interviews and perform analysis to determine the robustness of an organizations infrastructure. Comprehensive reporting and analysis is produced as a deliverable for our client so that measures can be taken to correct the vulnerabilities that have been uncovered. Our reporting is developed upon analysis of the following elements as defined by the international ISO/IEC 17799-27000 security standard:
- Security Policy
- Organizational Security
- Asset Classification and Control
- Personnel Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Systems Development and Maintenance
- Business Continuity Management
- Security Requirements & Risk Management
Additionally, our Ethical*Penetration*Testing service can be used in conjunction or in parallel with our Security*Assessment service to identify potential external vulnerabilities. We use tools and techniques in order to attempt to breach an organization's network and uncover vulnerabilities. This is one of the most important procedures that an organization should perform, as previously unknown network deficiencies and points of access are identified. Corrective steps can be taken immediately once this analysis is completed.
Once the exposed elements of an organizations infrastructure are secured, it is appropriate to create or update an organization's security strategy. Our Security*Strategy solution can be used to address all of an organization's security needs, and encompasses areas that include: Data Networks, Internet Connectivity, Software, Physical Infrastructure, Environmental Security, Disaster Recovery and all Policies and Procedures.
In order to implement a security strategy, we provide our clientele with our Security*Development solution, which can be used to address all areas of concern as it relates to security policies and procedures. This offering includes the creation and documentation of all policies and procedures that an organization requires, as a result of the implementation of a security strategy.
We provide Security*Implementation services as our organization is familiar with most hardware, software, and networking technology. Our consultants are CISSP certified and can ensure that all technology is optimally deployed.
On an on-going basis, we provide our clients with a Managed*Security service so that all of the policies and procedures are implemented and updated as per an organizations security strategy. Some organizations do not have the staff in-house to perform these functions, and we provide this service on a regularly scheduled basis. Other organizations do have security expertise, but require additional assistance to manage their environments, and rely on us to complement their internal resources.
Organizations might find that they do not enough staff on-board to handle security projects. This may be due to lack of training, or due to resource availability. The Consulting Practice is able to provide its clients with a project approach for performing security work, by supplying appropriate resources, and project management skills so that implementations are performed on time and within budget.
An organization may find itself in need of a resource(s) on site to perform security type functions for a specific duration. Our CISSP certified consultants are able to provide organizations with the expertise they need to handle security related issues. From Architecture, Design, Implementation, Trouble-Shooting, Maintenance, and Monitoring, our consultants have hands on experience with most security environments and technologies in place today.
If you would like to know more about how we are assisting clients across Canada and USA with IT Security Assessments, then contact us at 1-877-824-4412 or via email to: