Security Services: Reducing Risk, Increasing Trust
IT Security is an enabling process. Using innovative technology securely allows you to do things competitors daren't, and gives you that edge!

"The alternative to Information Security Management is crisis management, which is unpredictable, expensive, and painful!"
People and not products alone are the key to establishing a secure culture in your company. As anti-virus guru Dr. Alan Solomon says: "The most important element of IT Security is a community of informed and vigilant users."
Powerful IT equipment and networks, especially wireless technology, can be easily installed today and be up and running quickly without specialist help. However, very few manufacturers provide security "out of the box" and the risks can be immense, especially with an unprotected wireless network. Jana ISS can help with:
Implementing security standards for servers, desktop and portable PCs, including wireless networking.
Information Security Strategy/Framework Development including Policies/Strategy for Secure Use of Information Technology - for a presentation on this, see here. For a proven IT Security Architecture that Jana can help implement, see here.
Risk Management Strategies to meet new stringent rules of Corporate and IT Governance, for an overview see here.
Information Security Reviews and Audits for Legal Compliance e.g. Data Protection Act and BS7799 (ISO 17799/ISO 27001), see here.
Internet/Intranet Security and Strategy Development and Implementation. For an overview of policies to protect against Internet and Email abuse by employees, see here.
Doing Business on the Internet securely: E-Commerce and Email Security.
Encryption solutions to preserve information confidentiality: Email, desktop and portable PCs, servers and databases, wireless connectivity.
IT Security Awareness Campaigns: also training for management and IT resource users in all aspects of IT Security.
Incident Handling and Reporting Procedures: feedback into Security Plans/Projects.
Business Continuity Planning including preparation of Business Continuity manuals, more details here.
Computer Viruses: Anti-Virus and Virus Hoax Protection Programmes, Contingency Planning and Infection Handling, Junk Electronic Mail (Spam), Spyware.
Measures to combat PC Theft, more details here.
Legislation affecting IT - Data Protection, Computer Misuse, Freedom of Information, etc., plus Expert Witness services - we have already secured an acquittal for a charge under the Computer Misuse Act.
Help for small businesses - see here.
Information Security Glossary - General Terms
Information Security Glossary - Technical Terms

Nigerian "419" Frauds
Have you received tempting offers by mail, fax, email or even phone to earn a huge commission for helping to transfer a very large sum of money from Nigeria or another country? (This web-site attracts at least five such emails per day.) If so, you should be aware this is a well-known fraud, called "419" after its definition in Section 419 of the Nigerian Criminal Code. One objective is to induce you to pay them in advance for fees, bribes, etc. to get this huge and completely fictitious sum transferred - sums which keep increasing and money which of course you will never see again. Another objective is to get you to part with personal or company details, including blank letterheads, so they can commit identity fraud and take even more money from you. In a small number of cases people have been persuaded to travel to Nigeria to conclude this "transaction", and have then been kidnapped for ransom. For more information about what to do if you receive such messages, see the Metropolitan Police web-site or that of the National Crime Intelligence Service (NCIS). (US residents see here. Residents of other countries will also find that their country's relevant authority has a scheme in place to combat these frauds.)
Under no circumstances reply to any of them!
Jana Information Systems Services forwards all those received here to the relevant UK authorities.
"Phishing"
Another common email scam (called "phishing" by the computer security community) is to send convincing messages from banks and other financial institutions asking customers to verify their account details online, or to provide information for security purposes. The sole purpose of these messages is to obtain confidential information that can be used for crimes such as identity theft or just theft from the accounts concerned. Banks never ask you to verify such information via email, so you can be confident that all such messages are fraudulent. Messages also purport to be from online financial services such as PayPal - these are very convincing, but are still scams.
Again, under no circumstances comply with these requests!
Both the "419" frauds and "phishing" yield very good results for their perpetrators, which is why they keep coming. Don't fall for them!

Security Reviews
Jana Information Systems Services Limited offer a six-stage Security Review for a fixed price:
1 Culture
We assess the security culture within your organisation, including staff awareness and behaviour, policies in place, and supporting documentation and procedures.
2 Threat and Risk Assessment
What needs to be protected? Who or what does it need protecting from? What can be used to provide protection? How can this be done at a reasonable cost?
3 Review of Security in Place
A review of the management of your networks, systems, applications, back-ups and business continuity planning. This also covers physical security. We can assess your organisation against ISO-17799, either manually or using the Proteus software from Patron Global Ltd. We investigate incident handling and reporting, intrusion detection, and legal compliance (e.g. Data Protection Act). We can review previous audits and the actions taken.
4 Technology
We review products in place for client, server, LAN, WAN and Internet protection (firewalls, internal mail gateways), and also the standard of implementation and maintenance. We can give advice on intrusion detection, encryption and anti-virus measures.
5 Penetration Testing
We have links to ethical companies (not ex-hackers) that can test access to your system without any supplied knowledge, or by using information provided by you to simulate "social engineering" (tricking your employees into providing information) to carry out informed attacks. These tests can simulate attacks both from outside and within your organisation. (No attempt is ever made to bring systems down, disrupt traffic, amend information, or cause other damage.)
6 Evaluation
We provide comprehensive management-orientated jargon-free reports on the state of your security, with a recommended programme for improvement.

© Jana Information Systems Services Limited, 2006