Empowered Infrastructure™ and Assessment is defined by a methodology that is used and approved by the National Security Agency (NSA). Also known as the INFOSEC Assessment Methodology. Our clients, their resources, processes and innovation help guide us as we navigate through a top-down analysis process, in which YOU identify systems that are critical to your infrastructure and business continuity.

  • Empowered Infrastructure™

    We granularly drill down into your current INFOSEC posture in order to develop a sequenced scope and schedule that will lead and guide us through the assessment process.

    In addition to the NSA approved methodology, Security Forensics adheres to the national Institute of Standards and Technology (NIST) standards and practices. Empowering our clients to take a hands-on approach to critical infrastructure assessment and internal investigative analysis, we work closely with YOU to tailor our approach to your specific needs and operational environment.

    The approach is to take a proactive stance to detect hidden malicious nuances that may be missed or overlooked by an architecture that is intended to be reactive and not proactive. Next generation and emerging technologies, coupled with federally proven methodologies, now enable organizations to be empowered. Assessments, on-going forensic analysis and systematic electronic discovery should be routine and standard practices for any organization held to federal-regulated compliancy such as 48 hour disclosure, concerned about their investment in their day-to-day operational infrastructure and held to the highest standards by their shareholders and investors.

    Methodology:
  • Interview top executives to develop a thorough process
  • Determine locations of critical types of data that reside on your infrastructure
  • Assess the impact and risks associated with threats to data confidentiality, integrity and availability
  • Identify where and how your data is stored, transmitted and processed
  • Gather existing documentation addressing data protection, protocols, performance requirements and any mandated security requirements

    By creating an Operational-Visibility into the topology of your network, we will map the critical complexities of your infrastructure, the physical and logical boundaries of your network and specify the location of critical information systems that sustain your day-to-day business operations.

    After the collection of this crucial data we will review all documentation, regulatory-compliant security mandates, by establishing a foundation to drive the appropriate baselines for delivery. Crucial baseline requirements can then be incorporated into the vulnerability assessment. The objective of the assessment is to determine the actual degree of compliancy within your organization. Management's guidance will be taken into account and will help steer and provide a benchmark approach, enabling the necessary corrective actions.

    Deliverables upon completion:
  • A Complete INFOSEC Assessment Plan, documenting the assessment strategy and the on-site assessment activities
  • A timeline for completion of the complete INFOSEC Assessment
  • Analysis of a network topology map with recommendations for corrective action

    Assessment Services:
    Assessment activities as mapped out in the INFOSEC plan, which uses the NSA methodology as well as a wide variety of industry and proven proprietary tools and techniques to probe your systems and identify vulnerabilities. The following assessment services are provided:
  • Attack and Penetration Testing
  • Detailed Security Policy Review, Creation or Modification
  • Internal Network Vulnerability Audits
  • Dial-up/Modem Vulnerability Assessments
  • Wireless Vulnerability Assessments

    Establishing an Infrastructure to support on-going Internal Forensic Analysis:
    By periodically performing internal investigative analysis, Security Forensics will enable your team to attain federal regulated compliancy of tracking, monitoring and auditing all electronic and financial communication. We will provide the forensic applications to help you become self-sufficient, so you are able to run your own forensic analysis. We will train your tea, on how to ward off a crime scene, preserve evidentiary integrity, determining what could be construed has hidden nuances such has heuristic patterns, recent hacking-trends, attack recognition, system recovery and the ability to Track-back origination of malicious code such as Trojans, Worms and Viruses to there point-of-origin. Becoming forensically conscious is a choice and the first step to becoming self-sufficient. It is Security Forensics mission to help your organization get there.
© 2007 Security Forensics, Inc. All rights reserved.
Terms of Use  :  Privacy Policy