SOLUTIONS

INTERNET SECURITY SOLUTIONS

Information Security Management Systems

As most companies know, reliable security starts with proficient management systems and procedures. Examining the technical infrastructure remotely with vulnerability scans and penetration tests is widely accepted as an essential factor in maintaining the integrity of information systems. However, management practices, controls and checks also need to be in place to review and monitor the results. Codestone's commitment to providing world leading security services means that we are able to supply consultancy to arm organisations with the knowledge needed to ensure that business continuity and risk mitigation is simple and effective. According to a recent survey carried out by the DTI, 50% of UK companies will be considering the adoption of BS 7799 as a standard. Codestone can assist companies in their assessment of this standard, and measuring the suitability of its adoption for their organisation, their level of compliance and even preparation for a full BS 7799 audit.

Gap Analysis

Gap analysis provides a review of a company’s existing procedures and controls in relation to BS7799 part 2. Not only does this highlight any potential issues within the current information management systems, it also provides an accurate measurement of the length of time and amount of effort required to achieve the BS7799 standard. With the additional Threat Analysis option, Codestone can create a statement outlining the applicability of BS7799 to any specific organisation, plus create any policy documentation required. This service is suitable for any organisation evaluating BS7799 as a standard, or working towards certification.

• View on BS7799 Return on Investment
• Realistic view of current corporate procedures and controls
• Cost effective way of preparing for BS7799 certification

Internal Audit

This is a more technical review of existing policies and procedures ensuring that they are in line with best practices. A key feature of this service is the examination of systems and ensuring that policies are being adhered to. Critical servers will be tested for security vulnerabilities, authentication mechanisms will be audited and data storage systems will be tested for appropriate access controls. This service is appropriate for organisations that wish to understand the efficacy of their internal security, policies and controls and those that may be preparing for or have just undergone organisational change.

• Experienced third party view of corporate security
• Practical understanding of internal threats
• Validates internal security architecture

Policy Review

This is a high level review of security policies to ensure that they are in line with best practices, and that they are appropriate for an organisation’s business procedures. Optionally this may include the creation or reworking of security policies. This is appropriate for organisations who are undertaking the creation of security policies or who may wish to have them examined by a knowledgeable third party. Codestone will also examine policies to ensure that they are aligned with appropriate legislation and industry guidelines.

• Practical guidance on security policies
• Legislative compliance
• Objective review by experienced consultants

Firewall Policy Review

This service provides companies with a review and a recommendation report regarding the present security policies for their firewalls. This will help any company to understand what is missing from their current policies and what changes need to be implemented to ensure more secure networking environments.

• Evaluation of current firewall rule base
• Identification of current issues/ potential weaknesses/areas of concern
• Best practice recommendations on general firewall policy

In addition to the packaged services we have created, SWC are able to provide bespoke services around wireless networks, war dialling, social engineering, and forensics, to provide particular skills necessary for any specific requirement.

RESOURCES