Security Consulting

Many organizations don't consider how much of their reputation and successful operation depends on the security of their computer systems — until those systems are compromised. Often, companies find out the hard way that the most valuable assets they own are not their inventories, their petty cash drawer, or their company cars. Instead, the information about their business — payroll, customer records, sales prospects, email records, business plans, patent applications — is the truly irreplaceable asset. The loss of your company's valuable information cannot be undone, and can often lead to significant damage to your company's reputation. Without constant vigilance, your company is vulnerable to attack.

Simply connecting to the Internet or using email can make your company, or computer, a target for hackers bent on spreading viruses or stealing confidential data. Computer technology and information system security is a critical, and unfortunately necessary, reality for every person or business connected to the Internet or a local intranet. In today's highly technology-dependent and interconnected societies, we are constantly at risk of computer fraud, phishing, social engineering, port scans, spam, viruses and, of course, physical theft of hardware. The 2006 FBI Computer Crime Survey reports the following key results:

  • Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year's time; 20% of them indicated they had experienced 20 or more attacks.

  • Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

  • Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

  • Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading. Also, "inside jobs" occur nearly as frequently as outside attacks.

  • Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

  • Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement's response. And 81% said they'd report future incidents to the FBI or other law enforcement agencies. Many also said they were unaware of InfraGard, a joint FBI/private sector initiative that battles computer crimes and other threats through information sharing.
The first step to take is to assess your current security stance by conducting a Risk & Vulnerability Assessment. Then make a plan to increase security with proper Security Best Practices and implement appropriate security technology such as a Security Appliance. Open Enterprise Solutions can help you with all of these security practices and help you to ensure that your most important business assets are protected from attack or loss.

Risk & Vulnerability Assessment (RVA)

One of the first steps in securing your information and technology infrastructure is to conduct a Risk & Vulnerability Assessment (RVA). A Risk & Vulnerability Assessment is a systematic process designed to produce a measurable technical assessment of your hardware systems, access controls, servers and related systems. The RVA usually includes interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Depending on your particular information and technology environment, the RVA may also include the following processes:

  • Evaluate hardware, software and other security systems
  • Evaluate servers for settings that follow "best practices" regarding security
  • Evaluate firewall adequacy, security settings, and related systems
  • Evaluate IT department policies, processes, and documentation regarding security
  • Identify weaknesses in the IT control environment
  • Perform network penetration testing
  • Provide report of weaknesses in controls over IT to management
  • Provide written recommendations for improvements
Armed with the information contained in your RVA, your business will be better informed as to exactly where your greatest vulnerabilities lie, and which systems require immediate attention in order to ensure the integrity and security of your critical business systems and data.
Contact us for Pricing/Quotation.


Security Appliances

Each year the CSI/FBI conducts one of the largest technology and information security surveys of major companies in North America, and each year the respondents report that most cases of security breaches originate from within the organization. Invariably, disgruntled and dishonest employees have topped the list, with over 80% of respondents citing them as a likely source. Protecting your valuable technology and information assets from internal, as well as external, attacks is an ongoing challenge for IT staff.

Security Appliances are the dominant approach for implementing network security services, such as firewall, virtual private network, and intrusion detection/prevention capabilities. This is primarily because appliances provide greater ease of use and lower total cost of ownership (TCO) benefits compared to software solutions deployed on standard application servers. Common, baseline features that support these benefits include a pre-hardened operating system (OS) and the ability to receive consolidated software upgrades.

However, not all network security appliances are created equal. A true appliance is more than a modified operating system running on a server. Compelling TCO benefits are only achieved from solutions that incorporate a foundation of sustainable reliability. The essential requirements for such a foundation include an appliance architecture that combines:
  • Best-of-breed application software.
  • Proven networking services.
  • Network-centric configuration, administration, and management.
  • Network-specific, purpose-built hardware.

Open Enterprise Solutions can offer best-of-breed security appliances designed around your unique network, application and security requirements, which can provide the following security services:

  • Packet Filter & Stateful Firewalls
  • Spam & Antivirus Protection
  • Web & Email Content Protection
  • IPS SSL & IPSec Virtual Private Network (VPN)
  • Intrusion Detection System (IDS)
  • 24x7 Monitoring and Reporting

Contact us for Pricing/Quotation.


Security "Best Practices" Policy

One of the most often quoted and misguided approaches to security is that computer and information security is entirely a "technology" problem. Lock the computers up, close unnecessary ports, install antivirus software, deploy a modern security appliance and you are safe. Although these steps can certainly go a long way toward ensuring the security of your critical business systems, there are still many ways in which your systems could be breached in spite of utilizing the latest security technology. Social engineering is just one such method: a process in which hackers manipulate people into performing a certain action or divulging confidential information. Other non-technological security risks include the use of poor passwords, assignment of inappropriate access roles, and email and telephone practices.

Once you have identified your security risks and vulnerabilities, closed those potential risks, and deployed a suitable security appliance, your next, and often most important, step towards protecting your business systems and assets against attack is to develop a "Security Policy". The security policy is a formal definition of an organization's stance on security, meaning what is allowed and what is not allowed. Information security controls are typically implemented to protect a company's confidentiality, integrity and network availability. Without policies, there is no assurance that the systems that you've invested in to protect your corporate data will work as designed. Additionally, in today's corporate world, information security policies are a required component of demonstrating "due diligence" and "due care".

Examples of our Security Policy offerings include:

  • Policy Assessment
  • Policy Development
  • Policy Management and Dissemination
  • Security Awareness Training
Contact us for Pricing/Quotation.

 