Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
The fundamental precept of information security is to support the mission of the organization. All organizations are exposed to uncertainties, some of which impact the organization in a negative manner. In order to support the organization, IT security professionals must be able to help their organizations' management understand and manage these uncertainties.
Managing uncertainties is not an easy task. Limited resources and an ever-changing landscape of threats and vulnerabilities make completely mitigating all risks impossible. Therefore, IT security professionals must have a toolset to assist them in sharing a commonly understood view with IT and business managers concerning the potential impact of various IT security related threats to the mission. This toolset needs to be consistent, repeatable, cost-effective and reduce risks to a reasonable level.
Risk management is nothing new. There are many tools and techniques available for managing organizational risks. There are even a number of tools and techniques that focus on managing risks to information systems.
NetEvidence is well equipped to assist you in every stage of information security.
Regularly scheduled scans identify technical weaknesses in your information systems and are crucial to keeping your information secure. We use several different programs in order to validate the results of a scan and avoid false positives. Anytime a company significantly alters their network or information systems it is a good idea to rescan for weaknesses.
If our consultants find any vulnerabilities in a company's security, a penetration test will allow us to identify how an intruder would exploit the company. Because the technologies change so frequently and the methods of attack change as well, we prefer to review a company's security more frequently with the latest subset of new attacks to make sure it is up to date.
To provide additional piece of mind, we offer our clients a full investigation into what information can be found in the public domain. We scan the internet, newsgroups, blogs, and other sources. Many times we have found confidential company information that the client was not aware had been made public.
Almost evey company has deployed wireless networks to provide more flexibility to their network infrastructure. Wireless networks create a completely different challenge for network security that often goes unaddressed. Our consultants perform a complete analysis of wireless networks including: discovering signal radius, locating unauthorized access points, or attempting to break weak encryption technologies.
Security experts around the world agree, people are the weakest link in the security chain. It is human nature to try and help someone even if they are strangers. Intruders use this to their advantage and will try to impersonate a company employee to gain access to information they are not authorized to obtain. NetEvidence can help you assess this risk and work to mitigate it.
Well documented policies and procedures are the cornerstone to good security. Over time these policies and procedures become stale due to changes in the company or in technology. We work with clients to review policies and procedures making certain they will still be effective considering today's changing climate.