Sword & Shield

Enterprise Security

Challenging Times – Security in the Enterprise

Growing threats, increasing attack sophistication, increasing system complexity, growing pressure to protect data, and increased liability from security incidents and lack of due care: these are just a few of the pressures facing organizations today. Do you have a plan for security?

In the face of growing compliance pressures, sophistication in attack methods and a growing awareness of the insider threat, organizations are increasingly looking to find efficiencies and cost-saving approaches to information security practices.

Extensive Experience and Resources
Sword & Shield offers access to world-class experience in consulting on compliance initiatives.

Industry Focus

  • Commercial
  • Federal Agencies
  • Financial services
  • Healthcare
  • Commercial services
  • State & Local Municipalities

IT Security Governance, Management, and Planning

Security is an increasing responsibility for the board of directors and executive management. Sword & Shield offers a variety of consulting services to assist your organization in these critical planning and assessment activities.

Risk Assessment

An asset is said to be at risk when a threat agent (hacker, disgruntled employee, system user, natural event, structural failure, etc.) has the ability to exploit an asset's vulnerability. It is widely recognized that attempting to completely remove a threat agent or vulnerability is impossible for many risk scenarios. Therefore, some form of risk assessment must be undertaken to characterize the risk environment. Risk assessments vary based on the system's lifecycle:

  • Early stage system development requires analytical threat and vulnerability risk assessment.
  • Implementation and integration of sub-systems require security testing and risk scenario hypotheses.
  • The initial and ongoing operational stage requires actual threat-vulnerability pairings.

There are different types of risk assessments, and risk assessments are performed at various times throughout a system’s lifecycle. Security design is a continual process of tradeoffs involving risk assessment considerations, whether formal or informal. In the early stages of a system’s development, the threat and vulnerability aspects of risk assessment will be more analytical. As the system pieces and parts are integrated, the vulnerability portion of the risk assessment should be based on the results from the security testing process (as well as risk scenario hypotheses). During the final stages of system development (and the entire time the system is operational), actual threat-vulnerability pairings may be attempted (through testing) to obtain a clearer picture of the risk environment.

Sword & Shield provides risk assessment at all stages of system development and implementation.

Policy Review and Development

Good security decision-making is based on an organization’s security goals. Security goals are communicated to managers, end users, and operations staff through a security policy. A security policy is a documented and formal statement of the governing rules that regulate how an organization manages, protects, and uses assets. The security policy generally addresses goals, objectives, beliefs, ethics, controls, and user responsibilities in the form of high-level and generalized statements. Sword & Shield works with designated client staff to:

  • Review existing security policies, both explicitly documented and implied
  • Align policies to business objectives, culture, risk environment, and compliance pressures
  • Map policies into a customized Security Policy
  • Train client staff on Security Policy

Deployment of any network service is highly dependent on an implementation strategy that traces back to the organization’s security policy—the starting point that guides the entire security program. If the security policy is defective, it is possible that the organization’s data will be vulnerable in unexpected ways. The security policy is the keystone of the organization’s security program.

Security Architecture and Design Consulting

Although each design process is unique, there are several common elements. First, Sword & Shield consultants investigate the objectives (especially the security objectives) of the project. The design is then analyzed, with particular attention to the placement of security architecture, security products, data flow, and monitoring plans. If required, Sword & Shield security engineers set up a test bed of the design components to test their effectiveness against the objectives of the project. The Security Design Report details the findings, recommendations, and manufacturer’s part numbers (if appropriate). Design recommendations will be specific, including expected costs and benefits. The report may also include recommendations on project objectives and security requirements.

Integration and Implementation Services

Sword & Shield provides services for the specification, installation, integration, and testing of security solutions to safeguard customer network and computing infrastructures. Sword & Shield security engineers are trained, certified, and experienced with all major security solutions such as:

  • Firewalls
  • Intrusion Detection/Prevention
  • Anti-virus protection
  • Email/Web
  • Access/Audit controls
  • Identity Management Systems
  • Virtual Private Networks (VPN)
  • Encryption systems
  • Content filtering controls for E-mail/Web
  • Network security controls (scanning)

For security implementations, Sword & Shield provides:

  • Equipment acquisition assistance
  • Installation/Configuration services
  • Integration/Deployment services

Sword & Shield performs security engineering design work for large corporate and government customers, including classified environments.

Security Assessment and Testing

Sword & Shield delivers world-class expertise with our network vulnerability assessment and penetration testing services. As threats grow and become more sophisticated, knowing where the weaknesses are before the bad guys do has never been more critical.

Consulting

From initial planning and concept stages to full operational status of a computer/network security project, IT professionals may require more in-depth expertise in security issues and processes than is normally available on staff. Recognizing this need, Sword & Shield stands ready to provide corporate and governmental IT staffs with technically competent security engineers who pride themselves in working as an additional team member for their customers.

Proven Approach

With 10 years of proven experience in assisting organizations to successfully meet their security objectives, we are ready for you to put us to the test. Quality performance is our most important corporate goal. To ensure that quality performance is achieved, we rely on the integrity of each employee; insist that our program managers meet contractual requirements; place responsibility for quality with those who do the work; and ensure, through technical and management reviews and continual quality improvement, that we meet our commitments.

The landscape of security threats, risks, and countermeasures is rapidly changing. Keeping up with the latest developments can be very demanding on resources. Sword & Shield provides cost-effective, flexible, and manageable security solutions tailored to meet our customers’ security needs. At Sword & Shield we understand what it takes to address security risks in the IT infrastructure, and look forward to the opportunity of working with you to secure your environment.

With Sword & Shield as your security partner, you are well on your way to staying ahead of the threat.

Find out more:

For information on how Sword & Shield is helping federal agencies integrate penetration testing to address FISMA-mandated annual security reviews, click here.

