RISK-BASED APPROACH -

     Once we understand your data, that which is key to the business, we will assess your
     risks, vulnerabilities, and threats; we will suggest and implement automated
     detective controls, establishing a level of information assurance that will work for
     you. Surf Protection gives you "Security in the Cloud" by reducing your online
     footprint, which in turns reduce your risks from identity theft, phishing scams,
     malicious software, and possible data lost. Don't focus too much on cost, or wait on
     compliance to drive the conversation around risk management, let Surf Protection
     brighten your online experience by offering information assurance service you
     can trust!

    SECURITY IS A PROCESS -

    Security is a process - even with the proper security systems in place, the job is not
    complete. The systems must be routinely and continuous monitored for breaches
    (including alerts from new attacks), maintained with the latest version of software for
    all your programs, reducing the number of security vulnerabilities as threats change
    and emerge. Surf Protection does more walk than talk, as we also educate
    organizations around change control, vulnerability management, security configuration
    management, file integrity, log monitoring, intrusion prevention/detection, and
    alerting.

     GENERAL SECURITY CONCEPTS:

     Executive Security Awareness Presentation:

    (30-minute discussion emphasizing awareness of malicious software, privacy - "guarding
    your identity online", Laws, Password Management, Social Engineering techniques,
    email security, mobile device security, & wireless connections.)

    Attack Methods: Denial of Service, Data Ransom, Account Take-Over, Man-in-the-
    Browser, Backdoors, Session Hijacking, Brute Force, Dictionary Attacks

    Tech Support (Hardware Repair, Increased Speeds, System Cleanup, Virus
    Removal, Printer Setup, Wireless Devices Hookup & Connections)

    Computer Security Management (Firewalls, Spyware, Spam, Web
    Filtering, Microsoft & Third-Party Application Patching, VPN, Malware Removal)

    Network Management (Policies, Visible Data, Risk Management, Vulnerability
    Management, & Detective Controls)   

    PC Builds and Setup, Spam Email Filter, Software Removals, System Hardening   

    COMMUNICATION SECURITY:

    Email Security: S/MIME, MIME Object Security Services, Pretty Good Privacy, Spam,
    Hoaxes, Phishing

    Internet Security: Socket Secure Layer (SSL), Secure HTTP, IM, Web Browser Hardening
    Security, Secure File Transfer Protocol, File Sharing, P2P networks, Wireless Security
    WAP2, SSID   

     INFRASTRUCTURE SECURITY:

      Infrastructure Assessment Review 

     Device/Media Management - Firewalls, Intrusion Detection, Intrusion Prevention, VPN's,
     Routers, Switches, Voice Over IP, Wireless, Cable, DSL, T-1, Frame Relay, P2P,
     workstations, servers, mobile devices, Flash Drives, LAN, WAN, Honey pots, DMZ

     Security Baselines - Hardening Basics, OS\NOS Hardening, Network Hardening,
     Application Hardening, Database and Directory Service Hardening

     Cryptography - Crypto Basics, cipher text, stream ciphers, encryption, symmetric,
     message digests, hash, PKI, Certificate Authority, Repository, Archives, Trust Models

     OPERATIONAL SECURITY:

    Physical Security - Physical Security Threats and Controls, Facilities Planning,

    Business Continuity and Disaster Recovery - Data Backup and Recovery, High
    Availability, Business Impact Assessment, Crisis Management, Develop Recovery Plan,
    BCP Strategies, & DR Testing

    Security Management - Policy Creation, Procedures, Separation of Duty, Need-To-
    Know, Service Level Agreements, Privacy, Code of Ethics, Laws, IT Vendor Relationship
    Management, Technical Consulting, Risk Identification, Security Awareness Training

    Computer Forensics - Conducting Investigations, Gathering Evidence, Mobile Forensics

    Incident Handling\Response