Information Security (INFOSEC) is one of the most important areas of focus for effective strategic business planning. Unfortunately it is also an area that has little attention paid to it – that is until an organization experiences an incident. Then a series of forensic activities are executed in hopes of discovering the root cause. By then, the damage has been done. If INFOSEC had been an integrated part of the strategic business planning, chances are the incident would have been avoided before it had a chance to do any damage to the organization.
The changing business environment is creating new vulnerabilities and criminals are adapting their techniques to exploit this. As a result cybercrime is becoming more common. Protecting customer information is still the most important driver for INFOSEC. The need for preventing downtime and outages has risen – perhaps because of Internet worm attacks. In the financial services and government sectors, complying with laws and regulations is now a top driver for INFOSEC.
Security incidences come from many places, meaning that a comprehensive plan will need to cover more than one type of threat – and more than one method of insurance. An effective plan will include a combination of technology, process and people.
Today’s innovative technology suppliers have begun to distribute software that is capable of acting like a cyber security force for an organization. LEVERAGE partners provide solutions in areas such as Single Sign On (SSO), user access rights provisioning, intelligent application provisioning, email and web security, next generation data security and physical asset tracking. These technology providers are focused within their specific solutions areas, meaning that they continuously innovate and maintain their security offerings up-to-date.
Even the most comprehensive suite of security software will not guarantee protection without the necessary human processes in place for managing and directing the activities associated with day-to-day business. LEVERAGE offers a complete set of process services that put into place the needed controls to provide an organization with a comprehensive INFOSEC model. These LEVERAGE services do not have to be implemented all at once to be effective. They can be implemented selectively or one at a time and still produce positive results.
|INFOSEC Process Services|
|Knowledge Management||Audits & Surveys|
|Configuration Management||Business Process Engineering|
|Risk Management||Solutions Management & Forensics|
|Vulnerability Management||Incident Response|
|ISSO Augmentation||INFOSEC Strategic Planning|
|ISSE Augmentation||INFOSEC Architecture|
|Certification & Accreditation|
A company that has chosen to move forward with security technology and INFOSEC processes needs to consider human talent in order to take their investment forward. Hiring professionals trained in the practice of INFOSEC and then bringing them up to speed on the company takes time. A better approach might be to select key individuals within the organization who possess knowledge about the business and train them in the practice of INFOSEC. LEVERAGE offers a comprehensive list of instructor-led training modules that will allow organizations to train multiple individuals at the same time – To make the training more economical, classes can take place on-site within the organization.
|INFOSEC Training Courses|
|Certification and accreditation basics||Solutions management|
|Security & test evaluation||Preparing annual security awareness briefings|
|Using the LEVERAGE SSP evaluation tool ™||INFOSEC strategic planning|
|Incident response||Information security officer duties (FIPS 200)|
|Contingency planning||INFOSEC architecture design|
|Business process management||Vulnerability analysis & management|
|Policy and procedure development||Network management|
|Risk analysis & management||INFOSEC forensics|
|Strengths, weaknesses, opportunities and threats analysis||Information systems security engineer duties (FIPS 200)|
|Conducting audits and surveys||Voice over IP (VOIP) security essentials|
|Knowledge management||Consensus audit guidelines|
|Configuration management||Information security/information assurance introduction|
|Comp Tia Certification Classes|
The LEVERAGE Advantage
INFOSEC is about balancing requirements against risks in order to protect data, systems and people; and to gain performance advantages. LEVERAGE has been working successfully with customers to implement the right technology, the right processes and the right training.