A WinMill Software 10-Day Comprehensive Security Analysis is an independent, objective assessment of your organization's security infrastructure. WinMill brings to the project extensive experience across all phases of secure software development and infrastructure design. The deliverable of a Comprehensive Security Analysis is an assessment of the following:
• Network design. We examine your network design from a perspective of adherence to business requirements, security, long-term operational manageability and efficiency. We will provide possible redesigned topologies or partial topologies, complete with the advantages and disadvantages of each.
• Written security policy. All security decisions should be traceable back to a documented security policy. WinMill will provide general templates if there are no documented policies, or work with you to enhance existing policies.
• Standards, procedures and guidelines. We examine your documented rules for universal configuration of hardware, software, and employee computer use (including email and password changing), using the written security policy as a guide. If these documents do not exist, we can provide templates for their creation.
• Remote access methodology. This process describes how clients or employees interface with the office when at remote locations. This is analyzed against the security policy and checked for security breach possibilities. WinMill can recommend alternate cost-effective solutions for these processes.
• Backup and recovery plan. We assess how data and applications are stored, maintained, and recovered. The plan will be checked for adequacy and completeness. We can help establish a new plan or update an existing plan.
• Disaster recovery plan. The plan describes how the organization will recover in the event of unforeseen disaster. It should describe steps, people, and contact information for all parties involved and will be evaluated for adequacy and completeness.
• Firewall policy review. We examine which protocols and applications may access or pass through the firewall. The policy is reviewed, as well as the security of the firewall platform itself. If there is no firewall device present, then WinMill will discuss and design a general firewall implementation. (Actual firewall hardware, license, and installation are not included.)
• User management process. This is the method used to create, maintain and deactivate user accounts. The procedures should not allow for the ability to gain access to unauthorized areas. Possibilities of centralization of user accounts for use in applications, virtual private networks, custom software, and Intranets will be discussed, as applicable.
This project includes a discussion of overall security strategy. During the course of WinMill's evaluation, we will highlight potential issues, make recommendations, identify areas that should be further investigated, and offer general mentoring and expert knowledge transfer. An internal and external vulnerability analysis with documented findings may also be performed, where time allows. The deliverable of this engagement is a detailed document covering the points noted above.
Two WinMill security consultants perform a Comprehensive Security Analysis, at least one of whom is CISSP certified, over a period of one week. This highly interactive project includes significant client participation to gain the most value. Please plan to make key staff members available as needed. Your investment in a WinMill Software Comprehensive Security Analysis is $15,000.
Recommended Follow-Up Service:
Network Vulnerability Assessment
Certified Consulting as Needed