PLANNING: Vesque Partners offers complete solutions to meet your company security needs. Network security needs to be clearly and explicitly defined, preferably within a Corporate Security Policy Document. The security policy document is a comprehensive, definitive document covering all areas of IT security preparation, prevention, and response accountability.
PREPARING: Vesque Partners offers comprehensive Security Policy preparations. Security policy preparation usually includes the creation of usage policy statements (if none exists) or review of existing policies to assure completeness, a thorough risk and prevention analysis, and security response team formation. The risk analysis should identify the risks to your network resources including all physical devices, and data. The classification of risks is done (e.g. low risk components, high risk components etc.) and appropriate prevention measures to be initiated. The next step in security policy preparation is establishment of approved system access levels (e.g.,exec admin, ops admin, backup operator, user etc.) By assigning appropriate resource access levels clarifies access to critical resources restricting it to authorized personnel. Firewalls, proxy servers, gateways, and email servers all need to be given the highest levels of security.
IMPLEMENTING: The security policy team is responsible for implementation of security provisions and the Vesque Partners experts can provide assistance and IT training when needed. The security provisions typically identify and include the following:
- Firewalls, proxy servers, or gateway configuration
- Access Control Lists (ACLs) formation and implementation
- SNMP configuration and monitoring
- Security hot fixes to software of various devices, operating systems, and applications.
- Backup and restore procedures
RESPONDING: Education of staff to prevent and identify a security issue. Should any security breach occur, a response should be implemented by the security team. A security response consists of identifying the security violation, implementation of remedial action, review and documentation of the incident. Typical steps include the following:
- Isolate the violation and prevent further spread
- Take evidence of the violation before initiating a corrective action. Otherwise, the evidence may be lost, and you would not be able to identify the origin of the violation.
- Contact local police or government agencies and report if necessary
- Test the system for remedial action, and document.
RESTORATION: Once the security violation is investigated and documented, restore the system according to the appropriate restoration procedure defined in the security policy document, alert the proper authority to introduce changes as necessary, and meet with the Security Team to share all findings.
