Information Security Professional Services
The services listed below are a sample of Systegra's core services, those most often requested by our clients. Our approach is to focus initially on existing policies and IT infrastructure and on exposure to the Internet and other untrusted networks, then incrementally improve our clients' security within the constraints of budget and acceptable risk. Our services include:
Regulatory Compliance and Industry Standards
- Federal (FISMA) and DoD Certification and Accreditation (NIST and 8500)
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley
- International Organization for Standardization (ISO) 17799
- Gramm-Leach-Bliley Act (GLBA)
Security Monitoring, Intrusion Detection, Incident Response and Forensics
- Intrusion Detection System (IDS) architecture design and implementation
- Consolidation of security monitoring across disparate security devices (firewalls, syslog, IDS, etc.) via the implementation of Security Information Management products
- Incident Response Planning
- Review existing security monitoring, IDS and incident response plans for effectiveness.
- Provide expert forensics review and post-incident analysis. This includes isolation, evidence seizure, drive imaging, data analysis, correction, determining the validity, extent and root cause of security breaches, and providing expert testimony.
Vulnerability Assessments and Penetration Testing
- Identify vulnerabilities that may exist through misconfiguration or poor security practice.
- Provide an initial in-depth and rapid assessment of the effectiveness of deployed security controls.
- Perform internal network and/or perimeter tests of key systems and network segments.
- Optionally, security engineers will work to actually penetrate the target environment to the extent desired by the client.
- "War dialing" of Telecom infrastructures to identify rogue and/or improperly secured modems.
- "War Driving" to identify rogue and/or improperly configured wireless access points.
- Custom and/or third-party application testing, including web-based applications.
Information Security Training
- Full spectrum information security curriculum development.
- Expert training on all facets of the information security discipline.