Security audits do not take place in a vacuum, they are part of an on-going process of defining and maintaining an effective security policy. A security audit is a systematic and measurable technical assessment used to determine if an organization's security policy is being employed effectively. PCSinet is dedicated to providing you with the highest quality security testing on the market.

Information Security

Government regulations and requirements such as the Gramm-Leach-Bliley Act (GLBA) and the USA PATRIOT Act help establish industry wide standards for Information Systems Security while ensuring compliance on a broad level. Section 501(b) of the GLBA stipulates that institutions must implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the organization and to the nature and scope of its activities. The program should be designed to ensure the security and confidentiality of customer information, protect against unanticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access or use of such information that could result in substantial harm or inconvenience to any customer.

According to Symantec, more than 100 new viruses and 60 new software vulnerabilities are identified weekly. For most organizations, just the mention of Nimda, Code Red, or the Slammer virus, is enough to drive home the need for stronger IT security.

A single virus or hacker can bring any business to a near halt, threaten core business assets, and entail hundreds of thousands of dollars in IT clean-up costs. Security issues can also arise from within an organization, from disgruntled employees or well-meaning individuals who fail to follow accepted and established security procedures. And yet, the competitive need to expand services and support flexible and secure business transactions over the Internet has never been greater.

Todays dynamic technological landscape often erodes the protective value of the security procedures an organization is using, demanding continuous security updating, and proactive, adaptive network security assessments. Here-in lies the challenge.

Security Audit - A Process, Not An Event

As organizations evolve, their security structures change as well. An audit measures the effectiviness of your organizations security policy and provides an analysis within the context of its structure, objectives, and activities.

An audit should build on previous audits to help refine your organizations security policy and correct defficiencies that are discovered during the audit process. A successful audit is about using organized, consistant, and accurate data collection and analysis to produce findings that can be measurably corrected.

Depending on your needs, a network security assessment can be a snapshot of a network at a specified point in time or it may be a continuous process. We can provide a single assessment over a period of a few days, or we can provide a continuous service over a period of months or years that includes intrusion-detection, monitoring, a continuous assessment of network components and periodic site assessments. A complete assessment will help establish a "security baseline" for your network. Continuous assessments help maintain and improve your "security baseline."

 
Home
Resources
Contact Us
 
Copyright 2005 PCSinet Network Security. Privacy Policy.