RISK-BASED APPROACH -
Once
we understand your data, that which is key to the business, we will
assess your
risks, vulnerabilities, and threats; we will suggest
and implement automated
detective controls, establishing a level of information
assurance that will work for
you. Surf Protection gives you "Security in the Cloud"
by reducing your online
footprint, which in turns reduce your risks from identity
theft, phishing scams,
malicious software, and possible
data lost. Don't focus too much on cost, or wait on
compliance to drive the conversation around risk
management, let Surf Protection
brighten your online experience by offering information
assurance service you
can trust!
SECURITY IS
A PROCESS -
Security is a process - even with
the proper security systems in place, the job is not
complete. The systems must be routinely and continuous
monitored for breaches
(including alerts from new attacks), maintained with the
latest version of software for
all your programs, reducing the number of security
vulnerabilities as threats change
and emerge. Surf Protection does more walk than talk, as we
also educate
organizations around change control, vulnerability
management, security configuration
management, file integrity, log monitoring, intrusion
prevention/detection, and
alerting.
|
GENERAL SECURITY CONCEPTS:
Executive
Security Awareness Presentation:
(30-minute discussion emphasizing awareness of malicious
software, privacy - "guarding
your identity online", Laws, Password Management, Social
Engineering techniques,
email security, mobile device security, & wireless
connections.)
Attack Methods: Denial of Service, Data Ransom, Account
Take-Over, Man-in-the-
Browser, Backdoors, Session Hijacking, Brute Force,
Dictionary Attacks
Tech
Support (Hardware Repair, Increased Speeds, System Cleanup, Virus
Removal, Printer Setup, Wireless Devices Hookup &
Connections)
Computer Security Management
(Firewalls, Spyware, Spam, Web
Filtering, Microsoft & Third-Party Application Patching, VPN,
Malware Removal)
Network Management (Policies,
Visible Data, Risk Management, Vulnerability
Management, & Detective Controls)
PC Builds and
Setup, Spam Email Filter, Software Removals, System Hardening
COMMUNICATION SECURITY:
Email Security: S/MIME, MIME Object Security
Services, Pretty Good Privacy, Spam,
Hoaxes, Phishing
Internet Security: Socket Secure Layer (SSL),
Secure HTTP, IM, Web Browser Hardening
Security, Secure File Transfer Protocol, File Sharing, P2P
networks, Wireless Security
WAP2, SSID
INFRASTRUCTURE SECURITY:
Infrastructure
Assessment Review
Device/Media Management - Firewalls, Intrusion
Detection, Intrusion Prevention, VPN's,
Routers, Switches, Voice Over IP, Wireless, Cable, DSL,
T-1, Frame Relay, P2P,
workstations, servers, mobile devices, Flash Drives,
LAN, WAN, Honey pots, DMZ
Security Baselines - Hardening Basics, OS\NOS Hardening, Network
Hardening,
Application Hardening, Database and Directory Service
Hardening
Cryptography - Crypto Basics, cipher text, stream ciphers,
encryption, symmetric,
message digests, hash, PKI, Certificate Authority,
Repository, Archives, Trust Models
OPERATIONAL SECURITY:
Physical Security
- Physical Security Threats and Controls, Facilities Planning,
Business Continuity and Disaster Recovery - Data Backup and
Recovery, High
Availability, Business Impact Assessment, Crisis Management,
Develop Recovery Plan,
BCP Strategies, & DR Testing
Security Management - Policy
Creation, Procedures, Separation of Duty, Need-To-
Know, Service Level Agreements, Privacy, Code of Ethics,
Laws, IT Vendor Relationship
Management, Technical Consulting, Risk Identification,
Security Awareness Training
Computer Forensics - Conducting
Investigations, Gathering Evidence, Mobile Forensics
Incident Handling\Response
|