Issues and Solutions The following solutions meet the needs of any company regardless of size, skill and/or Internet exposure. Internal IT and physical security starts with an understanding and evaluation of your critical assets (information and operational) and, based on the classification of that asset, the application of appropriate steps to mitigate associated risk. While the process of securing your assets (physical, logical, conceptual) may seem long and arduous it is critically important to begin the process today. Legal ramifications from not understanding privacy legislation results in bottom-line costs from legal expenses to judgments and awards. Many dollars are lost to legal claims because the basic chain-of-custody in information handling is not understood by IT personnel. How will the implications of the EU Data Protection Act of 1996 or the Safe Harbor Act affect your ability to perform international business, international data handling, data sharing and data processing? What EU legal liabilities flow through your international arm (subsidiary or 3rd party vendor) to you? Questions such as these require, at the very least, an understanding of the tactical (short-term) and strategic (long-term) plans necessary to protect your company, the bottom-line and, in some cases, you yourself. We have listed a few of the solutions to consider: Compliance auditing to regulatory requirements (i.e. NERC, FERC) Physical/IT Security Integration for Critical Operations Information Security Risk Planning and Goal Setting Project Management Implementation of Security Initiatives Information Security Policy and Procedure Review and Development Project Management Process and Methodology Network Scanning Vulnerability Testing Web Security Scanning Ethical Penetration Testing How do you secure a cross-industry enterprise that spans a large geographic location? Consider a multi-state company with critical assets that feed state, regional, and local areas that affects people and the environment. What about county or state considerations when planning for security events: how do you coordinate multiple industry players? How do you know what their vulnerabilities are and how they impact interdependencies? Take the time now, pre-event, to understand your impacts and the regulatory requirements that drive your compliance, or set the guidelines for security retrofit activities. Can this actually happen? Your facility has been breached or your web site is compromised, attackers go through your firewall, past your DMZ, and into you HR database. Your salary and the salaries of the executives in your company have been taken and posted to a community bulletin board. It turns out that the access was simple because a known, readily available security patch was not installed on your IIS web server. Being aware of the small software 'hole' would have prevented this security breach. The news hits the regional papers and is a by-line in the national papers but your stock drops by 5% for 30 days. Your stock value has dropped by hundreds of thousands, the shareholder value by much more. The corporate auditors want to see a documented record of the due diligence you are performing to show your systems are protected from the most current vulnerabilities. What will you show them? Managed security services are just one aspect of the value that ICCT Corp can bring to you. We can provide a variety of scanning techniques to enhance your existing security posture that will help to prevent unwanted intrusions both on your Internet facing network and on the internal network . These services proactively test for existing known vulnerabilities and best practice security architecture. With the help of ICCT Corp you will be able to close these vulnerabilities and strengthen your overall security posture and prevent unauthorized access. Network Scanning Weekly, monthly or quarterly compliance testing Ongoing monthly vulnerability testing Summarize and review the month's activities in a written report and conference call to: Determine if security can be compromised based on system or configuration changes. Help you adhere to your established security policies. Vulnerability Testing Provides a one-time full vulnerability test of your security to evaluate your point-in-time security relative to the dynamic Internet changes. Provides a summarization in a written management summary report with supporting technical detail. Web Security Scanning Remote vulnerability testing benefits any business customer connected to the Internet for marketing, data transfers and/or e-business. This is an effective proactive approach to enterprise Web server security. Companies become aware of and fix security holes before unauthorized access is exploited. Provides you with a Web server security review that assists you in deploying your Internet presence with due diligence and care. Ethical Penetration Testing ICCT Corp can minimize the risk of unauthorized access which may cause damage to your network. By performing a range of intrusion tests, onsite security assessments, and even social engineering (using the same techniques known to be used by the most common hackers) ICCT will can assist your staff in closing the draw-bridge from attackers.