Security Readiness Assessment

Security Assessment

TeleDesign Security’s Readiness Assessment practice assesses current security controls and provides related industry and best practices comparisons.

Coincidence, or foul play?

A fierce rivalry has been brewing between you and your closest competitor. The challenge is to bring the best product to market in the least amount of time. After carefully constructing a plan to ensure secrecy, you are confident that this product launch will be successful. A few days before your product goes to market, your competitor not only beats you to the marketplace, but they have produced an identical product! Is your enterprise really guarded against any form of intrusion? After concluding that there is a definite leak, how do you locate the security breach and protect yourself from future occurrences?

Keeping up with the Joneses

According to your boss, it’s time to re-evaluate the security controls in the company. This project has been placed on the back burner until recently, when your boss received a dose of reality from all the media coverage on the latest attacks, threats, and computer viruses. How is the rest of the industry reacting to the security threats? How do you prepare a security budget? How do you know if you are employing enough security or too much security compared to the rest of the industry?

What is a security assessment?

TeleDesign Security’s Security Assessment is an independent evaluation of existing controls and services that involves identifying business-critical information in order to make relevant security decisions based on your needs and trends within related industries. This assessment will evaluate your current security status, the desired status based on industry standards and best practices, and the steps to implement in order to achieve your security goals. In addition, we will provide guidance on how to prioritize information security initiatives and budgets. TeleDesign Security will work with you to develop a Future Strategies Plan that provides you with a prioritized list of the necessary steps to take you from your current information security posture to an acceptable and secure environment.

Levels of a Security Assessment

TeleDesign Security’s Security Assessment, at a minimum, consists of:

• A high-level security policy review
• Data gathering interviews
• Identifying and rating business risks and technical vulnerabilities
• Recommending solutions to mitigate the risk
• Completion of the STAMP™ program. (Secured Technology Assurance Managed Process)

The Intermediate/ Mid-Level Assessment tool includes:

• All items mentioned in the primary assessment
• Benchmarking against peer groups and best practices
• The development of a Future Strategies Plan

The Full Security Assessment includes:

• All items mentioned in the Mid-Level Assessment
• Internal/external vulnerability scans
• Firewall, router, and/or system configuration reviews

What is STAMP™?

STAMP™ is an automated tool that will quantify the results of a Security Assessment in a numeric and color-coded format. The STAMP™ results are determined by answering a set of customized questions. The results are calculated into an algorithm that weighs the answers based on best practices for information security.

What Is benchmarking?

In order to effectively measure your information security posture; TeleDesign Security will conduct a peer comparison of your information security policies, procedures, organization, and technology architecture with organizations similar in nature and security characteristics. This comparison will include an evaluation of similar industry organizations, as well as organizations that are similar in size, IT complexity, and location, regardless of the industry. The same criteria are used to measure each organization; therefore, comparisons are fair and best practices are easier to identify.

What are best security practices?

Representative criteria for determining the existence of the fundamental or best security practices are as follows:

• Are adequate standards implemented in the desktop/laptop and server configurations?
• Do sufficient resources exist for the performance of security?
• Are users of computer services identifiable?
• Is access to these services controllable?
• Is the privacy of information ensured?
• Is non-repudiation of transactions provided?
• Are security problems detected or identified in time to take appropriate action?
• Are security problems contained and recoverable?
• Are denial of service issues sufficiently addressed?
• Do crucial physical access controls, such as employee identification, locked doors, access control lists, etc. exist?

What are enterprise security assessments?

An effective way to examine your current security measures is to take a macro view of the organization by enacting an enterprise security assessment. This top-down approach is a complete business-driven risk assessment that takes into account the current security posture of your organization and demonstrates the defined goals and a plan of action to achieve the objectives. This type of assessment utilizes the STAMP™ Analysis tool.

What are technology assessments?

A technology assessment is a more in-depth examination of the current technology and application infrastructure of the company. It is especially useful for organizations that are ready to implement or have already implemented more complex e-commerce applications. Typically, Web-based and transaction-based companies utilize this type of assessment to ensure that their e-commerce applications are secure and performing to their expectations. With a technology assessment, TeleDesign Security will evaluate the security posture against common configurations and security best practices with an emphasis on routers operation systems, firewalls, VPNs, etc. This service is most effective when implemented with an enterprise security assessment, because it provides baselines and comparative benchmarks that impact the entire enterprise.

What differentiates TeleDesign Security from our competitors?

TeleDesign Security utilizes a sophisticated approach when calculating your company’s security posture. This approach encompasses business-specific objectives, requirements, and concerns with vendor-neutral recommendations. We don’t just identify problems – we help define a solution balanced around your business objectives.