EVALUATING AN INFORMATION SECURITY FIRM?

Spring 2009
Choosing the right information security firm is as important for your organization as choosing the right accounting firm or the right legal team…
In fact, taking the time to choose wisely now can save countless resources later. Here are just a few things to consider when choosing an information security firm.

Reputation
Be sure you are working with a well-respected information security organization. Does the firm have experience serving organizations in your industry? What is their reputation? Ask for references, not only for the company, but also for the consultants that will be working with you and your team… and then check them! Consider this: your information security team has access to much, if not all, of your most sensitive data. Your trust and confidence in them will be one of the most important factors in your future relationship.

Qualifications
Make sure the consultants hold relevant industry certifications and have current, comprehensive information security knowledge along with business experience. What specialized certifications do they hold?

Budget
While budget can be the deciding factor for many organizations, it is not the most important one. If the firms you are considering don’t make it past the first two items on this list, but they fit your budget, think twice before hiring them. With the average cost of a breach now exceeding $6 million, a mistake here could cost you exponentially more than the cost of choosing a qualified, reputable firm.

IS YOUR DATA EXPOSED? HOW CAN YOU FIND OUT?

Every organization utilizing an internal computer network, web server, or web-based applications is at risk for a security attack. Fortunately, there are affordable, proactive measures that can help ensure a breach does not happen to your organization.

A well-managed information and technology security program should provide regular vulnerability assessments, web application assessments, and network penetration testing. During a vulnerability assessment, the consultant will assess system integrity by analyzing internal and external resources, often including wireless access exposures. Web application assessments allow the consultant to detect weaknesses in the security of web-based applications used by your organization. Penetration testing includes ethical hacking, impact assessments, and exposure mitigation planning.

Following these assessments, a reputable information security firm will deliver its findings in a comprehensive report. Your customized report will identify security issues by type and severity, the potential for breaches that may otherwise have gone undetected, and mitigation strategies for each potential problem area identified.

GET 3-FOR-1 SOLUTIONS FOR YOUR INFORMATION SECURITY SPEND

Compliance, Security, Performance.

Your network is used daily by employees, contractors and visitors, all with varying permissions and access levels. What is the single most important factor for your network administrator to maintain?

Is it retaining the highest level of security and ensuring that your customers’ data is protected?

Or is it remaining in compliance with regulatory requirements that are becoming increasingly complex?

Or perhaps it’s optimizing network performance levels to ensure that business functions are uninterrupted and ever-increasing workflows are accommodated.

Chances are you’re not willing to compromise in any of these areas. Each is crucial in its own right, and a weakness in security, protection, compliance or performance could have a significant, negative impact on your organization.

YOUR WEAKEST LINK HAS A NAME AND IT ISN’T A NEW DEVICE OR TECHNOLOGY

A presentation on data loss prevention strategies by ICS President and CEO, Steve Goldsby, included the following all-too-common scenario:

Problem:
Henry has to complete an employee payroll spreadsheet by 9 a.m. on Monday; only he doesn’t get the assignment until 4:30 Friday afternoon.

Henry’s solution:
“No problem,” Henry says. “I’ll just send it to my Yahoo account and work on it from home this weekend.”

What’s wrong with this picture?
Confidential data, such as employee ID and payroll information, should never be sent to an unauthorized external address and should never be sent without adequate protection measures in place. Henry wasn’t trying to compromise company information; he was just trying to get his job done. This is the kind of situation where data-leak-prevention products protect you. The solutions we provide can stop the data from leaving or alert someone when this type of situation occurs.
