According to Cisco, 48% of executives are "very concerned" about security, with 41% much more concerned than they were three years ago. Data theft has now become a multi-billion dollar industry, and anyone with a connection to the internet is a target. At ENS Group, we believe this area of technology is so important that we've dedicated an entire practice area to computer security.
The overwhelming majority of computer security breaches today are the result of non-sophisticated attacks, most of which could be avoided with the deployment of simple or intermediate controls. So how do you know what to protect, and how to go about protecting it?
ENS Group recommends adhering to a lifecycle approach for any IT security initiative. This lifecycle begins with a Security Posture Assessment and progresses through the development of an organizational security policy, the implementation of security controls, and the ongoing monitoring and testing of these controls. As a Cisco Premier Certified Partner with four Cisco Certified Experts (CCIE) on staff, and a team holding over 400 industry certifications, we understand what computer security means to business, and provide the most comprehensive network security services in Northern Indiana, Northwest Ohio and Southern Michigan.
Sometimes a second set of eyes (or in our case, a team of eyes) is the best way to get the overall picture, and our Security Posture Assessment is perfect for that. Intended to be a “deep-dive” into the security-related elements of your network, it includes both onsite and remote work, uses both manual and automated methods, and produces a highly valuable set of deliverables.
This assessment begins with a discovery of your computing assets and uses both manual and automated methods. Once the discovery is complete, we execute a vulnerability assessment, taking into account a variety of risk categories. From there, we conduct interviews with the owners and custodians of these assets and stored data. These interviews are intended to provide us with sufficient information to complete a qualitative risk assessment, which is intended to present an economic balance between the impact of the analyzed threat(s) and the cost of the countermeasure(s).
Next, we conduct an assessment of the client’s existing security policy. We evaluate it for completeness in the context of protecting the aforementioned assets against the relevant risks.
After the security policy analysis, we assess the configurations of any deployed security controls (e.g., firewalls and IPS sensors) to gauge how effectively they are enforcing the restrictions prescribed by the security policy.
Finally, we provide a written account of our findings and recommendations from the activities in this assessment, and work with you to determine the best course of action for your organization. This gives you a thorough audit of your network security and creates an action plan to address any vulnerabilities. Of course, we are here to help with addressing these concerns if you would prefer to focus on other projects within your organization – it’s up to you!
How can your organization demonstrate that it's taken due care for the availability, integrity, and confidentiality of the information assets with which it's been entrusted?
Once your organization's relevant IT risks are understood, the next step is to develop an organizational security policy. In its simplest form, a security policy is a single document (or more commonly, a set of related documents) that describes the security controls that govern an organization's systems, behavior, and activities. At the highest level, a security policy does not specify technologies or particular solutions. Instead, it seeks to define a specific set of conditions to help protect a company's assets and its ability to conduct business. In essence, a security policy explicitly prescribes the need for the availability, integrity, and/or confidentiality of the organization's computing and information assets, thereby validating the need for security controls.
How can your organization actually mitigate its IT risk?
Following a Security Posture Assessment, any number of technical controls can be deployed to help mitigate IT risk. ENS Group has a host of seasoned consultants with the expertise to design and implement solutions for the following, just to name a few:
How do you know whether your security controls are working as expected? And how do you know whether your employees are security-aware?
Following the deployment of technical and/or administrative security controls, it's wise to regularly test their effectiveness. After all, how else can you be sure that they're doing what they're supposed to be doing? ENS Group has the technical resources to exploit vulnerabilities in network-connected nodes and web-enabled applications, as well as test password strength via staged brute-force attacks. Our penetration testing engagements are carefully scoped and scripted so that you can be sure your organization's controls are being fully engaged.
In addition to vulnerability exploits and brute-force attacks, ENS Group can assess the efficacy of your employees' security awareness. Working closely with your organization's management team, we can craft a phishing email campaign targeted at your employees. After launching the campaign, we'll provide a report that details who clicked what, as well as what information they provided. In short, this type of social engineering activity can quickly highlight those employees who may need a security awareness refresher.