Security
Risk Management
As e-business increases the need for
accessibility of information, so it also increases the risk factor. And, of course, the more valuable the
information, the greater the probable competitive loss if corrupted or stolen. Successful computing in this environment,
therefore, demands the ability to effectively protect corporate information
while simultaneously making it available to the right people.
However, while security has never been simple, it has become
increasingly more complex in a networked world. With internationalization,
alliances, and mergers, organizations themselves are constantly mutating and
evolving at electronic speed, no longer being a single, stable, trusted entity.
Different subsidiaries, branches, and even departments may not have the same
security requirements, systems, and policies. Often critical business
information will be in a partner's Information system, beyond your control, and
you must rely on them to protect it adequately.
The bottom line is that, to really succeed, not only must corporations enforce the protection of their open
services against external threats; they must establish and manage a global
security policy. Internet security is only the tip of the iceberg!
Enterprises will need to cover the security of their internal systems while
supporting the requirements for extending access outside the corporate walls.
Testmasters' information security engineers provide a full
compliment of vulnerability assessment and threat identification services. Our professional staff can help your
organization surface your exposures and clearly define your security
requirements. The scope of our Risk
Management Services include:
p
Review organization security policies and
procedures.
p
Ensure the existing security policies
comply with federal laws and regulations.
p
Ensure the security policies are aligned
with the business needs by identifying areas of vulnerabilities and
recommending corrective action.
p
Develop and review Security Plans,
Contingency Plans and Disaster Recovery Plans.
p
Conduct Security risk Assessment of
customer-installed equipment and software and/or proposed equipment and
software to be installed.
p
Recommend standard security controls for
connecting to and using the external systems such as the Internet and
electronic commerce networks.
p
Develop Disposal Plans for removing
legacy equipment. Disposal plans will
concentrate on preserving information and preventing unauthorized disclosure.
p
Physical Security: Review physical security and recommend
physical barriers and control procedures as countermeasures against threats to
resources and sensitive data.