Information Security Consulting Services

Electronic communication has become an essential component of many businesses, and the Internet has been recognized as a powerful means to extend the horizons of electronic communications, enabling organizations to conduct business in entirely new ways. The same qualities of openness and cost efficiencies that attract businesses to the Internet also make it vulnerable.

To gain competitive advantage, organizations may adopt and implement technology to provide access to the Internet and eBusiness. As important as this new business systems strategy is, it is equally important to ensure that the security of internal network services and corporate systems responds accordingly. Netrus has the knowledge and experience to assist you in protecting your network, web site or applications.

Strategic IT Risk Management, Planning & Advisory
Organizations are rapidly pursuing exciting new eBusiness and Internet opportunities and recognize that the security of information and corporate assets is a key business issue in the electronic world. The most challenging part of developing an IT Risk Management Strategy is to ensure that it meets the requirements of the organization. Risk Management forms an integral part of strategic business management and must be flexible, scalable and cost-effective.

Netrus works with its customers to assess their business risks and exposures, develop an effective strategy to minimize risks, assist in the development of a corporate action plan and provide ongoing advisory support.

Information Security Frameworks
When designing an Information Security Framework, Netrus focuses on People, Processes and Technology. Netrus Information Security Consultants are experienced in the development of Information Security departments, policies, procedures, risk / vulnerability assessment programs, key performance indicator metrics, architecture and implementation.

Netrus brings 15 years of hands-on experience when working with its customers to create a Security Framework that is specifically tailored to their organization's needs.

Security Awareness and Education
Information Security is everyone's responsibility. The key objective of an Information Security Awareness and Training Program is to enhance security by:

     Heightening employee awareness;
     Instilling ownership and responsibilities; and
     Developing skills and knowledge to perform duties securely.

The Netrus Information Security Consultants assist management to understand the security awareness needs of the enterprise and assist in establishing priorities and building Best Practice methods of education and training.

Senior Management Presentations
Information Security is about culture and attitude. Without Senior Management sponsorship and commitment, Information Security programs are very difficult to implement or maintain.

Netrus is experienced in working with Senior Management and Executives to assist them in identifying and understanding today's eBusiness risks and provide them with a pragmatic approach to minimize risks to corporate assets, information and brand image. Senior Management's commitment to strong security practices can ensure that security issues receive the attention that they deserve.

Information Security Infrastructure

Policies, Procedures, Standards and Guidelines
Policies, procedures, standards and guidelines provide the foundation and set the baseline standards that must be adhered to by management, staff and contractors within an organization. Without a set of governing standards, the implementation and use of technology can lead to inappropriate use of business assets and resources, resulting in lost revenues and productivity.

Netrus works with its customers to design a complete set of policies, procedures and guidelines for their Enterprise Network, Internet, e-Business and Information Security requirements that integrate into their existing infrastructure, taking a pragmatic approach and considering the existing business, cultural and implementation requirements.

Information Classification and Privacy
The classification of information assets within an organization allows for critical decisions surrounding the level of protection that each category will require - business critical, confidential, top secret, internal or public. A stronger security architecture would need to be implemented for information that may impact share price, brand image or customer privacy.

Whether it is an e-Business transaction system or new privacy legislation, Netrus works with its customers to ensure that their electronic information assets are identified and adequately protected.

Information Security Program Implementation
Netrus specializes in assisting organizations to achieve and sustain an optimum level of Information Security within their businesses that is user friendly, easy to implement, non-intrusive to business operations and cost effective.

When designing an Information Security Organization, Program and implementation, Netrus focuses on People, Processes and Technology. Working with its customers to assess their organizational requirements, a comprehensive implementation plan is developed and expert interim resources supplement internal resources as the organization grows.

Information Security & Technology Assessments

Technology and Application Assessments
Conducting a security assessment is the first step in identifying and understanding security risks within a technology or system/process infrastructure. Assessments include a thorough review of operating systems, networks, remote access, applications (firewalls, wireless & web), databases, routers, switches and other peripheral devices. By reviewing these in conjunction with business processes, organizations can discover the vulnerable spots in the environment and take corrective action before they are exploited by an intruder or hacker.

The Netrus eBusiness security assessment methodology uses several commercial and proprietary tools to assist in vulnerability identification and resolution. Upon completion of the assessment, its Consultants will then generate an action plan with recommendations and fixes to address found vulnerabilities.

Information Security Health Checks based on the British Standard 7799
Information Security Health Checks are based on assessing People, Processes and Technology within an environment. Netrus will interview your staff, examine your systems and report on your Information Security strengths and weaknesses.

Information Security Consultants will then generate an action plan with recommendations to address shortcomings based on industry Best Practices.

Security Policy Compliance Monitoring
Netrus will provide a second pair of eyes to independently review an organization or third party supplier based on their existing policies, procedures or contracted services - generally referred to as security governance or compliance monitoring.

Upon completion of the review, Netrus Consultants generate a report outlining deficiencies found and recommended resolutions. These services are specifically tailored to each customer's requirements.

Incident Response

Business Risk Analysis, Incident Response Plan and Team Development
As organizations are implementing new and exciting eBusiness and Internet solutions, a security incident could cause serious financial losses, customer dissatisfaction, or tarnish a corporate brand image and reputation.

“If you fail to plan, you plan to fail” holds true for determining priorities in a crisis management situation. Netrus works with its customers to:

     Assess their business risks and exposures
     Understand their risk tolerance level
     Develop an effective strategy to minimize risks
     Develop and implement an Incident Response Plan
     Design an Incident Response Team and
     Provide ongoing advisory and support

Incident Investigation and Advisory
Netrus provides its customers expert resources in dealing with Incident Response Management. Whether it is an attempted breach in security, an intrusion to the internal network or e-Business environment, virus outbreak or misuse of internal resources, Netrus will perform the initial investigation and act as advisors during the recovery period.

Forensic analysis and the chain of custody can be maintained during an incident investigation to safeguard potential evidence that may be required in an investigation.

Available 7/24/365 to its customers, Netrus will ensure optimal response time in the event of an incident or intrusion.

Attack & Penetration

Every system needs to be tested on a regular basis to ensure that it has been securely designed, implemented and maintained. For example, many organizations install e-Commerce, Firewalls and Web server applications straight out of the box, using default passwords and configurations that could leave them exposed to serious security vulnerabilities and intrusions.

Attack & Penetration Testing services from Netrus test your e-Business environment to ensure that it is safe and secure at a given point in time. Methods include the use of commercial and proprietary tools to simulate an attack on your environment from external sources using the Internet and dial-up. Each engagement is tailored to and based upon the customer's requirements. Attack & Penetration Testing can include Remote Access, VPN, DMZ, Intranet & Extranet, Firewall, Proxy Services, Electronic Mail, Application Code Review and Social Engineering.
 
© 2006 Netrus Inc. All rights reserved • Toronto, Ontario • (416) 955-9540