As growth continues unabated in the information sector, so too grows the need for strong Information Security. The role of Information Security is threefold: To Protect against known risk, to Detect intrusion and improper use, and to Respond in an appropriate manner. To achieve these objectives, Information Security must be a continuous effort encompassing Policy, Process, Procedures, Education, Monitoring and Enforcement.

Whether your networks are wired or wireless, NYSTEC offers a comprehensive suite of skills and tools to meet the most challenging Information Security environments. From the development of Policy to Vulnerability Testing to Incident Response, NYSTEC will assist you in securing your networks.


The NYSTEC Information Security Methodology:

Network Review and Vulnerability Assessment
Before you can protect your network, you must first know what you are protecting. Network Review and Vulnerability Analysis is the first step. It may involve:

• Network Mapping

• Scanning

• Traffic Analysis

• Current Practice Review

• Backdoor Analysis

• Identify Critical Assets, Known Risks

• Wireless Network Audits
  

Information Security Policy Development
Policy is the heart of a strong Information Security. A Policy defines the goals and includes these elements:

• Acceptable Use
  

• Email Retention
  

• Password Requirements
  

• Network Separation
  

• Monitoring
  

• Data Ownership
  

• Remote Access
  

• Virus Protection
  

• Redundancy Requirements
  
  

User Education
Policy is only effective when the people responsible for its application are knowledgeable. User education can span many levels of understanding depending on your needs:

• Simple “How-To” Classes
  

• Detailed Classroom Instruction
  

• Executive Briefings
  

• Computer-Aided Instruction
  
  

Deployment and Monitoring
Once a Policy is generated, it must be implemented using tools that facilitate the following applications and processes:

• Secure Network Engineering
  

• Firewall Management
  

• Proxy Configuration
  

• Intrusion Detection
  

• Email Retention Enforcement
  

• Log Analysis
  

• Automated Response
  

• Virus Signature Distribution
  

• Encryption
  

• Incident Escalation and Reporting
  

• Regular Product Update
  
  

Wireless Security Improvements
NYSTEC can help you secure your WLAN. Measures include:

• Minimizing Signal Propagation
  

• Removing Rogue Access Points
  

• Interpolating Signal Noise Ratios
  

• Predicting WLAN Service Areas
  

• Network Reconfiguration
  
  

Incident Response
Information Security is risk mitigation and not total protection. Incidents will occur, and NYSTEC is prepared to assist with Incident Response in the following ways:

• State-of-the-Art Forensics
  

• Lost Data Retrieval
  

• Evidence Preservation
  

• Post-Event Analysis
  

• Institute a Policy-Based Response Process
  
  

Ongoing Review and Updates
The computing environment changes constantly. This calls for continuous review and revision of your environment and policies. Activities should include:

• Periodic Policy and Process Review
  

• Ongoing Scanning
  

• “Ethical Hacking”
  

• Updated Education
  

• New Security Product Review

Back to NYSTEC Home Page

Copyright © 2008 NYSTEC