Could you explain to your CEO why the company lost $42,000 per hour when the network went down?*
If you do not want to face this scenario, you must not overlook the physical security of your network-critical infrastructure. It is commonplace for most IT stakeholders, from senior management to users, to think only about the cyber components of IT security. Phys Sec Consulting's services include an in-depth assessment of the entire physical environment in which critical information systems reside and operate. The importance of physical security cannot be overstated. The best firewall, the best intrusion detection software, the best anti-virus package will NOT stop someone from walking into your business and walking out with a laptop.
The PSA
The backbone of our services to our clients is the Physical Security Assessment, or PSA. The PSA is a comprehensive, accurate snapshot of your network's vulnerabilities. It also acts as a test of the effectiveness of your current safeguards and practices. For more details on the PSA, click here.
You just got the call from the CEO. The board expects the company to be compliant with the ______ Act (fill in the blank with SOX, HIPAA, GLB) in 6 months. What do you do?
Companies across the board have had some time to examine and understand the alphabet soup of compliance legislation that has been force-fed to the business world. Many of those working in IT management are still struggling to completely understand their role in these regulations. To ease the pain felt by CIOs and IT managers, Phys Sec Consulting offers compliance review services that help in uncovering vulnerabilities or weak spots.
* The Gartner Group pegs the hourly cost of network downtime for computer networks at $42,000.00, so a company that suffers from worse-than-average downtime of 175 hours a year can lose more than $7 million per year.
The CRS
Phys Sec Consulting's Compliance Review Service (CRS) uses the international information security standard ISO 17799, which addresses all the major components of the compliance regulations your specific industry or business follows. To find out more about our CRS program, click here!
The PSA (Physical Security Assessment)
What the PSA Accomplishes
In today's connected business world, the availability of computing and network services has brought increased attention to the essential physical infrastructure. The only way to optimize the performance of the physical infrastructure is to manage it appropriately. Having a strategy to address your vulnerabilities is a major part of any management plan for critical infrastructure. Our PSA sets you on the path to a truly integrated and comprehensive solution to IT system security.
The Intended Results
#1 Keep Uptime Up, and Keep Downtime Down
A clear understanding of your IT system physical vulnerabilities, threats, and risks.
Why is this important? There are often small vulnerabilities that can bring your IT operations to their knees. The more you know about your risks and vulnerabilities, the better you can protect those critical assets.
Maintained employee productivity because of decreased downtime, which results in:
- No lost sales orders
- The ability to meet contractual agreements
- Continued quality and customer service
- On-time delivery dates for projects
- Dependable cash flow due to on-time invoicing
If your company is dependent on high-availability IT resources, downtime is not only a loss of productivity but a loss of profits. By identifying and mitigating the threats and vulnerabilities, your exposure to downtime is reduced.
Recommendations to minimize your risks, within your budget
At the completion of your assessment, we provide specific recommendations to correct the vulnerabilities that we have identified. We will make a concerted effort to identify solutions that will fit within your budget.
You will have a better informed staff that can support implementation.
Throughout the process we will keep your staff informed about what vulnerabilities we discover so that in the future they can continually monitor the critical network infrastructure for new problems.
The PSA Process
When you engage Phys Sec Consulting for your PSA these are the elements of our process.
We examine the general security posture of your company. The physical security of your critical network infrastructure starts outside the doors of your building. Who are you letting into your premises? Did someone walk out with one of your marketing department's laptops? Do your employees understand the importance of security? We measure the level of security awareness as part of your company's general security posture.
We develop a characteristics profile of your facility.
A characteristics profile is a snapshot of your facility and is an important piece of the PSA puzzle. We examine factors like the construction of your facility, the physical layout, how utilities are routed to and around your facility, and where the single points of failure that can impact your data operations are.
We will observe your physical access controls and perform a security policy review.
Physical access controls include things like card access control systems, gates, turnstiles, and security guards. Before any systems can be expected to work to improve your security, you have to have the foundation of proper policies and procedures, and the capability to enforce them.
We will conduct a review of power, environmental controls, and fire protection requirements at your facility.
These three areas are the backbone of keeping your IT operations up and running. Do you have enough back-up power in case of the loss of the commercial grid? Did you ever think of a scenario where you lose all the air conditioning? What would you do? Does your fire protection give you the coverage you need to protect your high-dollar IT assets?
We will assess your layered physical defenses and safeguards
The security of any company should be constructed like the layers of an onion with your most protected asset being in the middle. We will use the onion analogy in assessing how you presently use defenses and safeguards to protect your IT infrastructure.
We will examine emergency response, evacuation, and relocation plans
To keep your IT operations running after a disaster (natural or man-made) you must have the appropriate business continuity plans in place. These plans must also be tested and adjusted as conditions change within your company.
We provide you a system specific vulnerability and risk analysis
Once we have a complete picture of your critical network infrastructure we will analyze the vulnerabilities and risks that face your systems. With the completed analysis we will then be able to recommend the best cost effective countermeasures to mitigate the risks.
We recommend risk and cost balanced physical security enhancements
Sometimes the solution can be as simple as putting special locks on your telephone closets where critical network equipment resides. We work with our clients to find the most cost effective solution based on the amount of risk you want to accept.
We assist with implementation support.
At your request we will work with you to put the solutions we recommend into place. This can range from revising policies and procedures to the development of specifications for security systems.
Your company will come away with the following deliverables:
Security Assessment Report
Threat and Risk Analyses Reports
Recommended Security Enhancements
Implementation Support
Is There a Business Case for Security?
We are sure that if you speak to the CIO or IT manager of a company that has experienced an extended period of network downtime, the answer would be a resounding YES.
Physical security is a critical component of your IT systems management plan, because a failure in physical security can quickly eliminate all the work done on the software side to secure your network. Take the next step in keeping uptime up and downtime down, call Phys Sec Consulting at 661-816-9115.
Is your company struggling with IT security compliance?
The past 10 years have seen a wide range of compliance legislation that has impacted companies large and small. Some of the names include Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA). The focus of much of this legislation is the protection and integrity of data residing on corporate networks. To help companies through the maze of IT security compliance, Phys Sec Consulting offers a Compliance Review Process (CRS).
Copyright © 2004 PhysSec Consulting, LLC