Technical Solutions Technical solutions currently available include firewalls, smart cards and network monitoring systems. While these will improve the security of information, knowledgeable attackers with the right tools can still normally defeat these technologies. To ensure success, ISEC will ensure that these solutions are used prudently, in conjunction with other security measures, such as revised procedures and a dedicated and flexible management infrastructure, designed for pragmatic security. System and Network Security Policy ISEC can advise in the prudent use of firewalls, smart cards, and other technical solutions, and in implementing proactive technical protection and monitoring systems. We also validate existing measures and the selection of approved hardware and software suppliers specifically for: firewall installation, securing factory supplied operating systems, designing network organisation for security, secure network access points, data encryption methods and user authentication procedures.

The ISEC Information Risk Management Process - (above)

Validation - Penetration Testing This will include penetration-testing exercises (through black, grey and white box testing), code examination, security management and procedural reviews. The process will simulate a real-life hacker attack on your network resources using the latest tools and techniques. We will undertake a complete analysis of internal or external security from the point of view of an attacker, trying a wide range of methods of attack and intrusion. On completion we will deliver a comprehensive report on our findings and recommendations. Penetration Testing is specifically designed to suit the individual requirements of your organisation, and will include explanations of what is done and why, to increase the knowledge and capability of the client. In all cases, the information that we gather is treated in the very strictest of confidence. Containment - Creating / Evaluating Incident Response Capability We will assist in the preparation of an incident response capability to aggressively detect and react to attacks. This can also include the preparation and testing of Disaster recovery and crisis management programmes to assure business continuity. As part of our programme we will work with you to identify every plausible loss scenario, produce assessments of the organisation's tolerance to the loss and appropriate measures to manage risk. Disaster Recovery Depending on the scope of the operation we will advise and help with the selection of suitable recovery options, these can range from back up systems to dedicated hot stand-by sites: We will ensure that your chosen option will meet your recovery objectives. Business Continuity It is important that the plans work and that they adapt to the ever-changing environments of modern businesses. Our consultants will prepare adaptable and flexible plans that will be an integral part of the development of the organisation. This will include ongoing support and maintenance. We provide virtual reality exercises and testing to ensure that not only do client plans work, but also ensure that staff are familiar with the plans and are able to cope with the pressures of handling a real crisis.