Network Security Solutions
We puts our Network Security experts to work on your security problems. We analyze your network to identify vulnerabilities. Protect your network from intrusion and downtime, reduce total cost of ownership and complexity, and meet regulatory and compliance guidelines
IT Security Solutions
Penetration Testing
E-mail Security Archiving
Compliance Audits
Enterprise Vulnerability Audits
PCI Assesments
Server Security Audits
Firewall Configuration Audits
Threat and Risk Assessments
IT Security Solutions
Synergy IT Solutions Inc. provides consultancy and services in Information Security with the objective of protecting the interests of our clients, whose business process rely on their IT infrastructure and the critical information that they generate. We endeavor to ensure this information is protected against harm and can appropriately resist and recover from failures of Availability, Confidentiality and Integrity.
Increasing technical complexity leads to new and more complex risks. Access to the internet brings with it a myriad range of problems, besides the obvious risks of unauthorized access. Unwanted packets from Worms and Trojans are now hitting your network every second. New viruses, old viruses, mutated viruses, you name it. Big worms, fast worms, and worms that have been alive for years, nothing new, the only thing new about this is the magnitude of the problem. Take a few short moments to watch the receive light on your unfettered ethernet connection. Here in high bandwidth Canada, that flashing light now flashes almost solid. It’s almost unbelievable. It’s almost all malicious traffic. Little or nothing is being done to stop the growing pollution that now plagues the Internet.
The impact of a security incident can have any of the following consequences.
The impact of a security incident
- Business Disruption
- Competitive Disadvantage
- Direct Business Loss
- Loss of Public Confidence / Reputation
- Fraud
- Wrong Management Decisions
- Legal Liability
- Privacy Loss
- Poor Morale
Our Methodology in Brief: Our consultants use a structured approach towards creating a security framework comprising of the following steps.
Objective Definition: Discuss with management and set Scope and Objectives of Audit.
Risk Assessment: In this phase we would determine what assets are critical to the organization and need to be protected, Threat Identification and the potential implications of losing these assets. This process involves making cost effective decisions on what you want to protect, you should probably not spend more to protect something than it is actually worth.
Determine Vulnerability: This phase would include a detailed analysis and determination of vulnerabilities associated with the network, protocols, devices, applications, users and back door links.
Budget Analysis: Ensure the appropriate budget is identified and made available for the organization’s security requirements.
Security Policies and Procedures: Formalize the security policy if none exists or review existing policies and see if they are in need of updating. This phase is a exhaustive process and beyond the scope of this document. This phase would include information gathering, technical investigations and review application of best practices
Reporting and Post Audit Actions: Review of collected data, report preparation and presentation to management. Followed by the implementation of recommendations and other post audit actions.
Since a comprehensive IT Security Audit may not be viable for “Greenfield” organizations Synergy IT Solutions Inc. has the following tailored the following service selections, each designed with a specific focus and to address information security on both administrative and technical levels:
Information Security Audit- reviews corporate security strategy, policies and standards and their realization through technology and administrative procedures. Checks if a defined level of confidentiality, integrity and availability of systems and data is delivered effectively and efficiently through administrative, technology and physical controls. Provides recommendations on improving existing and introducing new controls to address requirements set by security strategy.
Security Controls Audit– reviews effectiveness and efficiency of existing security controls against their objectives, recommends appropriate changes and / or introduction of new security controls.
Administrative Controls Audit– reviews security policies, standards and procedures both against corporate security strategy and technical controls and recommends adjustments to reflect the changes introduced since last review.
Data Security Audit– reviews the data flow in the company to assure the set level of security is maintained at all stages of data processing and storage. Recommends control changes or additional controls to maintain consistent data security level.
Perimeter Security Audit– reviews through automated and manual testing security of publicly available systems and border protection of corporate networks. Provides risk based analysis of possible exposures and recommends controls to minimize the probability of exploitation.
Vulnerabilities Scan– scans using automated tools and manual tests the defined systems for well known and exploitable vulnerabilities and provides recommendations on minimizing the threat to corporate security.
Antivirus Audit– reviews effectiveness of technical and administrative controls protecting business systems from programmed threats including viruses, worms, trojan horses and other malicious programs. Provides recommendations on improving the protection.
Host Security Audit– probes the security of single systems through series of automated and manual tests. Reviews possible exposures and recommends the procedures to minimize the risk.