Linux Information Security
Various Linux-based Open Source security products will meet the most
demanding information security requirements. Our risk-based approach
is simple, cost-effective and will fundamentally enhance overall
information security, operational efficiency and regulatory compliance.
I. Network Scanning, Vulnerabilities Testing And Threats Assessment.
Network testing services are conducted on site locally in New York
and New Jersey.
Using Industry-recognized Open Source tools.
Our approach provides
a cost-effective framework for conducting security testing and providing
formatted, quantifiable and deliverable test result metrics to contracting
parties.
Vulnerabilities testing provides a clear picture of
an organization's IT security posture.
It helps identify the need for newer data protection measures and/or
system security configurations.
Organizations also conduct periodic testing as part of a continuous
IT risk assessment effort, or in preparation for an audit.
The net result is the ability to make better informed
and cost-effective information security investment decisions along the following lines:
1. Network Firewall capable of logging security-related network activities; log review and auditing help monitor
and refine security
2. NIDS/NIPS (Network Intrusion Detection/Prevention Systems) establish sensors that can capture and analyze network data
traffic to stop threats as they materialize
3. Enterprise Spam/Virus filtering and blocking Solutions
4. Information Security Planning And Policies Implementation, Monitoring And Training
5. Wireless Security Implementation
6. Inventory And Documenting Of Information Systems Security Configuration
II. Sarbanes-Oxley Compliance Program.
The COSO Framework:
In 1992, the Committee of Sponsoring Organizations of the Treadway
Commission defined internal control as a process through which an
enterprise could achieve "effectiveness and efficiency of operations, reliability
of financial reporting and compliance with applicable laws and regulations".
This approach also identifies five principal components for internal
control:
- risk assessment
- control environment
- control activities
- information and communication
- monitoring.
In June of 2003, the Securities and Exchange Commission endorsed
the COSO framework for implementing
Sarbanes-Oxley Act compliance.
Establishing a managed and informed environment.
A workflow-based project management system provides the environment
for implementing a broad and sustained organization-wide Sarbanes-Oxley
compliance effort. Involving the proper personnel with defined roles
and responsibilities across the entire enterprise architecture is
a preliminary step. The workflow establishes process-related activities
and tasks within a rigorous timetable. Monitoring and history are
documented through a version management and documentation scheme demonstrating
a sustainable program.
Technical information sourcing is established via an intranet system.
In it, procedures for calendar-based tracking/reporting activities
and collaborative document editing are developed.
Practical information on implementing COSO's five critical components
of internal control is also included and augmented by up-to-date
practices on:
- inventory of information systems, architecture, configuration, user satisfaction
questionnaire
- best-known methods resources
- Information Security Program Planning And Management
- awareness and training
- Access Control
- System Software Development And Change Controls
- Application Software Development
- Segregation Of Duty
- Continuity Of Service
This model integrates updated submissions, reviews, edits and approvals
of project documentation, giving snapshot views of the entire IT
infrastructure, its compliance activity and strategic evolution at
different historical points in time. It also provides an effective tool
for managing the organization's IT investment portfolio.