ITCS is a leading network security consulting firm that has been utilizing a variety of tools and Best Practice methodologies that can protect your business internally and externally without hindering your business processes. The greatest threat to a business today is internal hacking from the company’s own employees. The days of having domain controllers, e-mail servers and other data servers on the same subnet with no access controls between workstations and servers are gone. However, internal security is often given a lower priority and put on the back burner while the perimeter is being fortified.
Our network security consulting practice follows the recommendations of the National Institute of Standards and Technology for IT Risk Management Analysis. There is a method and structure to risk analysis, followed by a risk mitigation process. Risk mitigation includes a cost benefit analysis, mitigation options and a strategy for controlled implementation.
Our risk assessment process includes identification and evaluation of risks and risk impacts, and the recommendation of ways to reduce risk by implementing certain measures. In assessing risks for an IT system, the first step we take is to define the scope of the effort. In this step, the boundaries of the network are identified, along with the resources and the information that constitute the system. This then identifies the scope of the risk assessment. Identifying risk for a network requires an understanding of the network’s processing environment. As a network security consulting firm, we collect system-related information, which includes the following:
- Hardware
- Software
- System interfaces (e.g., internal and external connectivity)
- Data and information
- Persons who support and use the IT system
- System mission (e.g., the processes performed by the IT system)
- System and data criticality (e.g., the system’s value or importance to the court)
- System and data sensitivity.
Additional information related to the operational environment of the IT system and its data includes, but is not limited to, the following:
- The functional requirements of the IT system
- Users of the system (system users who provide technical support on the network)
- System or application users who use the network to perform core functions
- System security policies governing the network
- System security architecture
The following techniques are used in gathering information relevant to the network within its operational boundary:
- Questionnaire - To collect relevant information from both technical and non-technical personnel supporting the network.
- On-site Interviews - Interviews with network support and management personnel that allow us to collect important information about the network.
The analysis of the threat to a network identifies the vulnerabilities associated with the system environment. The goal is to develop a list of system vulnerabilities that could be exploited by potential threat sources.
It should be noted that the types of vulnerabilities that exist usually vary depending on the nature of the network. Our consultants determine whether the security requirements stipulated for the network and collected during the engagement are being met with existing security controls. If your business is in a niche industry, we utilize an industry-specific network security assessment (Payment Card Industry assessment).
We use a security requirements checklist that contains the basic security standards that can be used to systematically evaluate and identify the vulnerabilities of the assets (people, equipment, etc.), procedures and processes associated with the network.
Security controls encompass technical and non-technical methodologies. Technical controls are safeguards that are incorporated into network hardware, software, identification and authentication mechanisms, encryption methods and intrusion detection systems. Non-technical controls include security policies and procedures as well as physical and environmental security.
Compliance
Our experts can put your business on the right path for compliance. At ITCS, we have been providing businesses with Best Practices, quality solutions that have become the standard for successfully meeting compliance requirements for businesses of any size.
Today’s networks are the tools with which businesses manage their financial systems. Some compliance consultants come from a finance background with little, if any, technological knowledge. If a system on the network is faulty, that type of background will not be helpful in addressing the issue. At ITCS, we have a team of people with both business and technology backgrounds that yields an unequaled force.
We can implement and test the policies and controls of your business. If you have existing controls, we can enhance them. We have the in-depth knowledge and resources to put your business on the right path for compliance.
Firewalls
We have tremendous knowledge and seasoned professionals who are firewall consultants. Whether the firewall is Cisco, SonicWall or another manufacturer, our team of experts is more than likely experienced with the setup, configuration and management of that particular firewall. We are a leading Cisco consulting firm and have decades of experience in implementing, configuring and troubleshooting Cisco devices.
Network Penetration Testing
At ITCS, we have conducted numerous network penetration tests or pentests. A penetration test is a method used to evaluate the security of a network by simulating an attack from malicious outsiders and insiders. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software issues as well as operational weaknesses. This analysis is conducted from the standpoint of a potential hacker and can involve active exploitation of security vulnerabilities. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the business and produce a range of recommendations to reduce or eliminate these identified risks and areas of vulnerability.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack methods
- Identifying high-risk vulnerabilities to the network
- Identifying network vulnerabilities that are difficult to detect with automated network software
- Assessing the magnitude of potential impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to any attacks
- Providing evidence to support investments in network security
At ITCS, our network penetration methodology is based on the recommendations of the National Institute of Standards and Technology for IT risk assessment, which consists of conducting penetration testing on information and data controls, computers, servers and other network equipment, personnel security awareness levels, fraud level, wireless devices, mobile devices, physical security access controls, security processes (both physical and logical) and physical location security risks. This proven methodology identifies the risks and provides a road map for neutralizing them.
We possess many years’ worth of IT risk analysis and penetration testing experience. Our solutions, once the risks are identified, are based on standards developed for the Payment Card Industry (PCI). We have the ability to ensure your network remains secure from both external and internal vulnerabilities.