Information Security Services

Our information security professionals have an average of more than 25 years of industry experience. We have done security work for companies ranging in size from very small start-ups to Fortune 100 corporations. Our industry experience is particularly strong in supporting clients in the financial, legal, Internet / telecommunications, and eCommerce fields. Some of the more common services that we perform are listed below, but we are prepared to assist any security endeavor through a custom approach.


Network Security Architecture

Working with your business and technical staff, we provide design guidance on creating a security architecture that addresses real-world threats to your network operations. We have found that the most cost-effective security results from fundamental choices at design time, but we often work with clients to redesign existing systems.


Information Security Assessment

An objective review of your existing systems, procedures and policies -- your overall security program -- is a recognized step for assuring and improving the security of information assets. MSB has experience conducting risk assessments, design reviews and security assessments using proprietary methods as well as SOC, HIPAA, and ISO 17799. By providing our clients with immediate feedback on issues discovered, as well as formal documentation suitable for all audiences, we help them improve security in a practical way and communicate their security posture and challenges to management, customer compliance groups, vendors, and partners as needed.


Security Policy

Security policies document the decisions that your organization makes about priorities, goals, roles and responsibilities, and expected behavior regarding the protection of information assets. Many organizations do not have documented policies or have cookie-cutter policies that do not recognize realities of the workplace culture, and they face the risk of employees not knowing or ignoring what is expected of them when it comes to protecting information. Some organizations have policies that are out of date, often developed during an earlier era when "the computer" was kept in the glass house, and protecting it was largely a matter of controlling who could enter, physically and logically. Whether you have no policies and need them developed, or have out-of-date policies that need to be brought in line with the realities of an Internet-connected world, we can help. All of our policy work is done with the objective of protecting the business, and all deliverables are designed to facilitate maintenance by the client staff.


Security Oriented Design Review

Our staff has performed design reviews of products for some of the largest network and software vendors in the world. We believe that product security is a function not only of the security features that are present, but also of each feature's design, the quality of the design and development process, the adequacy of security documentation, and the support processes.


Incident Response

Unfortunately, attacks against information systems are a fact of life today. Too often, our first interaction with a client is after they have already suffered an attack. While we strongly recommend that preventive measures be taken, supported by our other security services, we also recognize that sometimes only a serious incident will motivate management to authorize the expenditures needed to address security, and that even a proactive security program does not guarantee that attacks will not be successful. In the event of an incident, we assist our clients in several ways. We investigate the symptoms, and confirm whether they are the result of a malicious attack or a less sinister failure. We gather evidence which may be used to support subsequent legal action, either criminal or civil. We assess the systems affected, to determine the attack vectors that were used, and make recommendations for remediation to prevent recurrence.


Vendor Management

Compared to the computer hardware or even network equipment sectors, the security product industry is quite immature, with hundreds of vendors fighting for mind and market share. Many vendors provide quality products which perform as advertised, but some promise more than they can deliver. Because so much is at stake in selecting security systems, diligence at this stage of the security program can mean the difference between success and failure.

While we do not claim to be familiar with every vendor's product line, we have the deep technical experience and business acumen to effectively manage vendor selection and product procurement for our clients.

Because MSB doesn't sell any of these products and doesn't take revenue from vendors, we have no vested interest in the selection of any particular products, and hence offer objective assistance to our clients in dealing with the vendor community. Whether you need help with understanding how to best apply one particular product as part of a security solution, or you need a formal RFP process conducted, we can help. Whether you need technical assistance in mapping requirements to features, a savvy negotiator to ask the hard questions that reveal fact from behind the smoke and mirrors, or simply assistance for your busy staff with the motivated sales force of your vendors, we can help.