Security Management
According to the CSI/FBI 2001 survey, over sixty percent (60%) of enterprises have had known cases of unauthorized computer usage each year since 1998. Although internal systems and remote dial-in were prevalent access points previously, the Internet now is the most frequent point of attack. Most likely sources are disgruntled employees followed by hackers and competitors.

While subversive threats grow from the Internet, so do business opportunities, partners and customers. We have developed a very comprehensive set of open source and Linux-based products to maximize user access to information while providing comprehensive network security. As an example, we use OpenVPN software to provide the benefits of IP VPN and SSL remote access without the limitations of either. We also offer Nessus-based vulnerability assessment, NIDS, HIDS and act as a trusted third-party PKI Certificate Authority.
Security Scope:
Information security depends on data integrity, availability and confidentiality. These three areas are the cornerstones for ISO17799 information security processes. Atlas Group has helped Fortune 50 and smaller firms implement ISO17799 based information protection plans and business continuity planning.
Integrity means that the information that is sent or stored is received or retrieved in its original, unaltered form. Typically, integrity is maintained by protecting access to data and systems as well as encrypting the data. The amount of effort and cost spent to protect the data is proportional to the liability of loss.
Availability means that data will be available to the business when and where it is needed. Technology resilience is required along with disaster recovery and event management plans. Availability depends on having system and network functions ready and working when they are needed.
Well-rehearsed event management and disaster recovery plans are in place to make critical data available as soon as possible in case of an outage. These plans must cover all critical data-based systems and networks, not just offsite computing backup.
Confidentiality ensures that only those users with authorization can read, write, change or move data. Confidentiality is based on restricting access to data, systems and networks in proportion to the business risk. The process to maintain adequate confidentiality is closely aligned with the business units. Every person’s change in job status should be evaluated for a potential change in access. These processes are supported by vulnerability tests and tools that can identify potential problems ahead of time.

REGULATORY CONTEXT
The regulatory trend seems to be toward more government involvement and a desire by the U.S. federal government for better interaction with private industry. Privacy concerns and protection are also paramount and sometimes conflict with tighter and more intrusive security. The following U.S. and European regulations and legislative acts affect the present IT security framework.
- EU Council Resolution on Network and Information Security (2002)
- CIO Cyber Threat Response and Reporting Guidelines (2002)
- Computer Security Enhancement Act (2001)
- Cyber Security Information Act (2001)
- USA Patriot Act (2001)
- Critical Infrastructure Information Security Act (2001)
- Cyber Security Enhancement Act (2001)
- Presidential Directive PDD-63 (1998)
- Health Insurance Portability and Accountability Act (HIPAA) (1996)
- Communications Assistance for Law Enforcement Act (CALEA) (1994)
- Gramm-Leach-Bliley Banking Act (1999)