Information Technology Security
Denysys provides the full spectrum of security services that can cover all of an organization’s security needs—including information and infrastructure protection—as well as scrutinizing all processes and procedures that can impact its security.
Our services include:
Because of the pervasive nature of the threats to an organization’s security, no one fix can hope to address all security concerns. Therefore, the security services we offer are interrelated. Our assessment services provide the baseline data for certification, accreditation and our compliance monitoring services. Incident response and forensic response are event-driven activities that can be procured as a one-time service or on a subscription basis. We can also work with clients to arrive at a customized approach that addresses their unique security needs.
We deliver these services through staff augmentation, co-sourcing and technical and business process outsourcing.
Internal Assessment—An internal vulnerability assessment evaluates the organization’s network security from the inside looking out. Particular attention is paid to the individual configuration and implementation weaknesses that could place the network at risk from inside the organization. This primarily tool-based, rapid technical assessment focuses on a segment of a client’s IT infrastructure. The assessment identifies information, machines and configuration weak spots that could be exploited by a trusted insider or malicious outsider. This assessment is designed to determine the degree to which an organization’s most critical information systems and infrastructure components are susceptible to intentional attack or accidental compromise as a result of weaknesses or vulnerabilities inherent in most popular applications and operating systems.
Technical Assessment—Most organizations require a security assessment program that includes implementation planning, methodology tailoring, an enterprise-wide assessment strategy and a plan for periodic reassessment. The complete technical vulnerability assessment provides this. Our security experts use a variety of software tools (proprietary, open source and commercial), penetration techniques and procedures to evaluate every identified device within the organization. The parameters of this assessment are largely customer driven and typically include:
External network scan—Evaluation of network security from the outside. The defensive perimeter (firewall, routers, etc.) is tested.
Internal network scan—Evaluation of network security from the inside. This assessment also includes a Dial-up Access Evaluation and examines the organization’s policies, standards and procedures. It also identifies which of the organization’s most critical information systems and infrastructure components are susceptible to intentional attack or accidental compromise as a result of weaknesses or vulnerabilities inherent in most popular applications and operating systems.
Risk and Threat Assessment
Investigation Incident Response
Accreditation is the formal declaration by those in authority that an information system is approved to operate in a given security mode.
This is made necessary by long-standing DOD and federal civil agency standards like DITSCAP, NSTISSI and NIACAP. Some recent government acts that mandate certification and accreditation include the Government Information Security Reform Act (GISRA), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). Finally, private industry may require services such as SAS 70 review, SysTrust and WebTrust reviews.