Information Security

Information Security risks range from a disgruntled employee to a highly experienced hacker. Unauthorized access, compromise of information, integrity and denial of service are just some of the negative results of not having a 360 degree IS program in place.Information security deals with several different "trust" aspects of information. Another common term is information assurance. Information security is not confined to computer systems, nor to information in an electronic or machine-readable form. It applies to all aspects of safeguarding or protecting information or data, in whatever form.

The U.S. National Information Systems Security Glossary defines Information systems security (INFOSEC) as:

“The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.”

Redmond Worldwide, Inc clients feel secure that their vulnerabilities have been assessed, mitigated and planned for. IS vulnerabilities are considered from the aspect of negative impacts from internal and external, structured and unstructured and hostile and non-hostile vulnerabilities.

Only a comprehensive security information management solution can help your enterprise meet its business obligations and prevent unwarranted expenses. According to a recent article in e Week News, U.S. lawmakers are contemplating new enforcement tools and financial incentives to spur better security practices after a report card on federal information security showed government CIOs managed a barely passing D+ average. "I think they take their eye off the ball," said Rep. Tom Davis, R-Va., chairman of the House Committee on Government Reform. "This demands constant attention. Every day they have to be thinking about this."

The rising cyber-security risk, combined with the recent Sarbanes-Oxley law requiring companies to deliver greater information security and integrity, are forcing companies to retool operations... Former White House cyber-security czar Richard Clark says companies are at a "tipping point," where the ability of hackers to attack networks may soon eclipse the ability of companies to fight back. Commercial operating systems and IP networks are just two points of vulnerability that worry security experts about critical industrial information systems.

We have full Information Risk Management capabilities to conduct risk assessments, planning and implementation for appropriate safeguards.

ASSESSMENT:

• Value and Threat Assessment

• Vulnerability Assessment

• Risk Measurement

• Risk Analysis

• Risk Profiles

• Security Enhancements

• Documentation of Vulnerabilities

• Quick Hits

• Long Term Recommendations

• Implementation

PENETRATION STUDY:

• Broad Research and Reconnaissance Techniques

• Exploration – Uses non-intrusive techniques to identify vulnerabilities within the entity

• Intrusion - Tests security controls by exploiting vulnerabilities

• Restoration

• Project Reporting summarizes and presents analysis and conclusion

 SECURITY ARCHITECTURE

• Strategy Development

• Information Security Architecture and Design

• Information Security Engineering and Design

• Business Process Reengineering

SYSTEMS INTEGRATION CONTROLS

• Business Process Controls

• Information Security Controls

• IT Operational Controls

• Data Quality/Integrity Controls