Coreseca provides validation and guidance to organizations concerned with securing their assets.
Information is an asset that is essential to an organization’s prosperity and should be dilligently protected. This becomes increasingly important as the business environment becomes more interconnected. With this ever increasing interconnectivity, information is exposed to exponentially greater vulnerabilities.
Information exists in many forms. It can be presented as hard or soft copy, transmitted electronically or by post, even spoken in conversation. Whatever form the asset takes, or technology by which it is distributed or stored, it should always be appropriately protected.
Organizations and their information systems and networks are faced with security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism or by acts of God. Damage such as malicious code, computer hacking, and denial of service attacks are increasingly common, highly ambitious, and very sophisticated.
Our perspective on asset security encompases all facets of threat management. We closely follow the internationally accepted ISO-IEC 17799 2005, the "Code of Practice for Information Security Management" as amended.
Our highly analytical staff strives to look beyond the box. We have many decades of demonstrated experience securing some of the most difficult network environments. We have the hands on experience architecting , deploying and supporting security technologies for both wireline and wireless carriers since the inception of the Internet.
Coreseca's team is comprised of seasoned network and security engineering professionals. Our core staff was instrumental in the design of one of the worlds largest carrier networks. We believe that uncompromised security requires honest and dedicated domestic talent. Coreseca does not outsourse or recruit offshore talent.
Ensure proprietary data exposure is limited to absolute need to know individuals. User credentials folllow Best Practice policies for password expiration, retention and systems access. Identify stale user accounts and shared global logins. Ensure Anti Virus currency and deployment.
Local or virtual hosts are scrutinized to ensure stringent best practice protocols have been adhered to. Access protocols, permissions, detection, prevention, and recovery controls to protect against malicious intent are identified and validated.
Analysis of IPv4 and IPv6 addressing schemes, Routing protocol implementation, Core router / switching log analysis, Firmware currency, network capacity analysis and future growth forecasting.
Core Network Optimization
Analysis of perimeter security and routing platforms employed. Verification of effective rule based configurations, access lists and IPS / DPI strategies. Currency of patch levels, signatures and general hardening. Recomendation of current state technologies if applicable.
Assistance with development of sound business practices to ensure sensitive company assets are properly identified and secured. A first step in ensuring that a sound set of policies accurately identifies business proprietary information and the risk of it's public exposure.
Periodic independent audits identify lapses in sound security policies eliminating the the risk of poor security policy enforcement. Management and staff are evaluated for adherance to established company policies, methods and processes.
Audit and validation of machine and user accounts, their currency, aging, strength and vulnerability to compromise. It is essential that administrative / root access be restricted to a minimal set of absolutely necessary users. Account password strength and expiration enforcement policy reviews.
Coreseca will assist clients when there is a need to facilitate an orderly transition of network engineering or security staff. One of the least addressed necessities in business IT is the vulnerabilities associated with the inevitable staffing changes that occur within sensitive senior IS administrative positions.
Business assets exist in numerous media formats. Some may exist as hard copies and most will exist in electronic formats. The type of asset, it's life cycle and value will be documented.
Coreseca provides full vulnerability scans for networked hosts both publicly and privately accessible. Standardized practices recommends this be performed at least monthly against all public and private addresses deployed within the customer's environment.
Government regulations such as HIPAA, SOX, PCI DSS and the GLB Act require changes to many network security infrastructures and IT procedures. Ensuring compliance can be a tall order. Coreseca is here to help.
The best documented asset security policies are worthless without competent management and diligent enforcement. It is imperative that management at all levels clearly understands the importance of these policies.
copyright © 2015 coreseca.com