 |
||||||||
|
 |
 |
 |
 |
 |
 |
 |
 |
IntroductionSoftel Systems' Security Solutions are designed to provide you with a comprehensive, complementary suite of consulting solutions that will improve your organisations' security in a lasting way. Of course, if what you need is not listed here, we would be pleased to tailor a security program for you. Our Security Solutions described on this page are:
System Security ReviewTargeted to the medium-sized enterprise, our System Security Review (SSR) provides a quick, high-level view of your organisation's security posture. Typically conducted over three to five days, Softel Systems security consultants will review and report on the security of your Information System and how it is used by your business. Conducted as a time-limited review, we will prioritise according to need looking at aspects of your Information System including servers, user's workstations, your network, internet presence, physical security, operations, policies, procedures, employment contracts, subcontractor agreements, non-disclosure agreements and so on. In our experience, if you have not previously considered security formally within your organization, the System Security Review provides a most cost-effective means of achieving significant security gains. Depending on the size and nature of your organization, you may find one System Security Review is sufficient or you may choose to have reviews conducted regularly as a "security health check". The result of our review will be a presentation-style report and meeting where we present our findings and make our recommendations. Technical Security AssessmentNetwork equipment, internal and external data links, the many kinds of servers, workstations and PABXs form the hard core of your Information System. In the Technical Security Assessment (TSA), we examine the security of these systems. We examine your external security posture presented by your internet presence, dial-in modems and wireless LANs as well as your internal security. The Softel Systems team of experts understand enterprise enviromnents based on Microsoft Windows and Unix host architectures and we maintain a security tool library of over 150 distinct tools so we can apply Security Management ReviewHow would you respond to an intrusion? Do your staff know their information security responsibilities? Do they know who to contact is they are concerned about a security problem? Are you comfortable that your organisation is secure? Do your subcontractors and outsource suppliers present an acceptable information security risk? A Security Management Review (SMR) examines how information security is managed and helps you ensure that the right level of security is achieved for your organisation. The starting point we use for the Security Management Review are the standards AS NZS 4360:1999 Risk Management and AS NZS 7799.2:2000 Information Security Management: Specification for Information Security Management Systems to define an Information Security Management System that is optimum for you then to work with you through the implementation process. Because every organisation is different, our experience security consultants analyse your current security posture and recommend the best approach for your organisation to ensure that you and your management team meet your information security obligations in an efficient, lasting way. Information Policy AssessmentSecurity policies define the rules by which people interact with your Information System and typically address aspects such as:
The Softel Systems' Information Policy Assessment (IPA) reviews your organisation's security policies to assess their suitability and make recommendations for improvement as well as how you communicate, implement and enforce your policies. As security specialists, Softel Systems has access to thousands of existing security policies allowing us to quickly and cost-effectively suggest proven policies and help you make them an intrinsic part of your organisation's culture. System Survivability AssessmentDerived from CERT's Survivable Systems Analysis approach, the System Survivability Assessment (SSA) systematically examines how your existing or proposed Information System respond to failures before they happen. We work with you to define a set of survivability goals that suit your business then consider a wide range of failure types within a lifecycle context including intrusion (physical and network), equipment, software, human error and malicious acts. Typically, our System Survivability Assessment Report will have the following sections:
|
