Security Operational Feasibility Threats Risk Assessment

The following are current technology – or people–based services offered by Digital Locksmiths worldwide:

Over the past several years, forward-thinking organizations have found that it is important that everyone in their organization, from the engineers to the risk managers including the senior executives, have a solid understanding of what security, privacy, and data protection means in today’s world where mobile, e-commerce, e-services, Machine2Machine (M2M) and cloud computing are the norm and not the exceptions.

Recently, we have witnessed a steady growth in ‘hacktivisim’ trends such as  Stuxnet`, `Shamoon`, `Flame`, and `GAUSS` among others which have signaled a new era of “Targeted” Attacks where traditional security designs are no longer capable of defending or deterring advanced persistent threats.

Our Digital Locksmiths specialists will perform a comprehensive and in-depth Security Operational Feasibility Threats Risks Assessment program to assist your organization to enhance the security of Information Technologies, Networks and Infrastructure Communications, Business to IT processes, and Human Resources.

Our plan is simple; to work closely with your stakeholders to define and implement a scalable solution for critical protection of infrastructures and Information Assurance controls.

Our approach and methodology to implement the entire project is structured into 3 phases allowing you to decide and implement each phase sequentially defining goals and measuring results. This information you’re reading now is centered on PHASE A only.

PHASE A: Security Feasibility Threats Risks Assessment

PHASE B: Turn-key Security Solutions and Implementation

PHASE C: Sustainability and Security Center of Excellence

Initially as part of PHASE A, our team will work closely with your organization to define the requirements of each phase, allowing the assessment to scale back or expand depending on the results and the opportunities. This assessment will establish your organization as the leader in security and privacy standards nationally, regionally and globally.

Our team is robust, disciplined and comprehensive by utilizing the most innovative technologies and results-oriented project deliverables providing your organization with definable and implementable solutions. From the first to last phases of this engagement, our team will provide the necessary secured environments for technology and information management, adopting Canadian privacy and security laws and protecting data in support of your security requirements.

Our team is defined organizationally with strengths in security & forensic investigation, security and privacy technologies, Computer Security Incident Response, infrastructure engineering, business intelligence, service management, and project management among others.

PHASE A: Feasibility and Threats Risks Assessment

Our team’s approach follows the following activities and work scope:

  • Interviews with key staff members in charge of policy, administration, day-to-day operations, system administration, network management, and facilities management.
  • A Visual Walk Through of the facilities with administrative and facilities personnel to assess physical security.
  • A series of Network Scans to enumerate addressable devices and to assess each systems available network services. (These Scans will be conducted from within each center’s network and from the outside.)
  • A configuration and security assessment of at most ten key systems at each center.
  • Benefit Analysis – Review business parameters of sharing information within   systems and its components
  • Location Analysis – define the storage issues surrounding both hard an s/c copy
  • Define business process and criteria
  • Define issues surrounding transaction structures (environmental, social, etc)
  • Define and review physical infrastructure  (files, personnel, policies, procedures)
  • Review access to markets information (information sharing within and outside company)
  • Review standalone procedures with all partners
  • Define liaison personnel for project.
  • Carry out Risk Assessment
  • Review service area capacities
  • Review regulations for security processes
  • Carry out preliminary overview of facilities/infrastructure for information
  • Review technical performance standards
  • Review security policies and issues for structuring business relationships for information
  • Review service area security protocols
  • Develop/update system approach for comprehensive security policies
  • Draft any missing policies should the need arise
  • Develop upgraded performance standards for systems
  • Develop strategy for operating procedures
  • Develop recommendations for overall system operations
  • Develop/update standards for information handling to ensure  proper security and access to information on a need to know basis
  • Develop/update policies for handling the secure disposal of both h/c and s/c data
  • Testing Disaster Recovery Plans, Business Continuity Plans, or Emergency Response Plans.
  • Establish full cyber intelligence & situational awareness of your network systems

The first stage feasibility study includes the verification & validation of project requirements as follows:

  • Part 1:  Establish the current model
  • Part 2: Activate network intelligence platform providing the ability to establish full situational awareness of your organization’s network systems and vulnerabilities, by aggregating DNS, IP and other data from multiple feeds derived from your organization’s network, and from the global Internet.
  • Part 3: Perform a Threat Risk Assessment
  • Part 4: Perform a Penetration Test
  • Part 5:  Establish target model and roadmap to implementation based on summary of findings in parts 1-4.