More Related Content
What's hot (20)
Viewers also liked (17)
Similar to Equilibrium Security Methodology 030414 Final v2 (20)
Equilibrium Security Methodology 030414 Final v2
- 1. Assessing and Remediating Business IT Security Risks Find the vulnerabilities before the hackers. Start finding your true risks with Security Assessments Don’t ignore it….fix it before it is exploited to your disadvantage A firewall is no longer enough! There are 2 types of businesses left in the US, those who have been hacked, and those who don’t know it. The adage of “if you don’t find it first, you lose” applies to Information Technology (IT) security and compliance as much as it does in treasure hunting. Hackers have become very sophisticated, and are out there trying to steal information from you 24x7. If you don’t find the weak spots in your perimeter, the bad guys will, and the treasure you’ve accumulated, whether its trade secrets, customer information, credit card data, consumer data, healthcare data, business processes, or hard-earned profits will be lost, and may result in business-killing lawsuits. Secure IT environments rely heavily on a risk based security lifecycle, which starts with broad security assessments, vulnerability testing, then remediation, implementation, documentation, and further testing. The lifecycle then continues. Internal IT staff often lack the time and/or lack the expertise to continuously monitor the new ways the bad guys are looking to exploit weaknesses and to gain access to your corporate systems. Traditional IT defenses such as patching, anti-virus, and a firewall are no longer enough. Equilibrium’s IT professionals can work with your team to identify weak points in your security, design and implement solutions, and test their effectiveness.
- 2. COPYRIGHT AND CONFIDENTIALITY NOTICES © 2014 Equilibrium IT Solutions, Inc. No part of this publication may be reproduced in whole or in part by any means (including photocopying or storage in an information storage/retrieval system) or transmitted in any form or by any means without prior written permission from Equilibrium. Equilibrium Information Technology Security & Audit Methodology The top questions to answer are: (1) Where are my weaknesses? (2) How do I correct and turn my weaknesses into strengths? and (3) When do I need to review and update my security processes and procedures. The crystal ball can become clearer by understanding the complexity of information systems, increased risks, and the need for compliance of information systems and their relationship to enterprise success. Organization of Information Security Information security organization, information security program compliance Security Policies, Standards and Procedures Security policy and procedures, 3rd party providers and subcontractors Compliance and Risk Management Compliance with financial, regulatory, government and industry regulations, risk assessment of external and internal vulnerabilities Human Resources Security Human resources security, screening, information security awareness, termination policies and procedures Operations Management Operating systems management, asset management, change management, anti-virus, backups, waste and media disposal Facilities and Physical Management Facility management, facility access controls Security Incident and Threat Management Incident response, monitoring and detection, patching Network Architecture Network controls, data network configuration, firewalls, wireless networking, mobile device security, BYOD System Security Access control administration, user accounts, password management, reconciliation of accounts, remote access, encryption and key management Application and Database Maintenance Application development, application security architecture, deployment processes and policies, application controls, code reviews, production system access Disaster Recovery and Business Continuity Planning Business continuity and disaster recovery contracts, locations, planning and testing, documentation About Us Equilibrium specializes in providing businesses and organizations with professional IT services. Our team of consultants, architects, technical project managers, and systems engineers provide end-to-end integrated solutions. A major differentiator about us is that Equilibrium’s consulting approach is truly vendor neutral. Our objectivity is a critical component to our ethical operations and the level of trust we earn from our clients. We function as an advocate for our clients helping them implement technology solutions that satisfy their complex business requirements.