A security architecture review is an analysis of an organization's technical infrastructure, specifically focusing on the framework of security controls that protect systems, networks, and information, from unauthorized access, compromise, or manipulation. Our staff reviews documentation and conducts interviews focusing on the design and the reasons for various design decisions. Topics generally include: identification and authentication, authorization/access control, password management, security event logging, intrusion detection and reporting, firewalls, intrusion prevention systems, operating system maintenance, application configurations, emergency response, data backup and archiving, contingency planning, operations procedures and change control. Secure Ideas then evaluates this information holistically to understand the effectiveness of the controls, identifying vulnerabilities, compensating controls, and providing recommendations to improve the overall security posture of the organization.
For many organizations, most of their employees do not need to understand the details of how the technology they use everyday actually works, all they need to know is how to use it to get their jobs done. Nor do they understand why their technology is so constrained with all the security "rules" that are required to use the technology. It is this lack of technical and security knowledge that makes them prime targets for a pervasive type of attack known as social engineering. Secure Ideas can test the knowledge and readiness of your entire staff through social engineering assessments performed either virtually (phone, email) and/or physically (onsite). Similar to attacks on an organization's computing or network environment, social engineering attacks focus on weaknesses found in human behavior, weak processes and procedures, and a lack of awareness or understanding of good security principles. Understanding these weaknesses aids an organization in addressing the gaps by improving their user awareness program, security trainings, policies, processes, and procedures. In order to minimize the ability or effectiveness of a social engineering attack.
Social networking, such as Face book, Twitter, and MySpace, is a large part of how people and organizations interact with each other in today's world. Secure Ideas has been a leader in assessing how an organization makes use of social networks and the risks that social media poses. A Social Networking Assessment will identify the risks with the use of social networks, whether for marketing the company services, or allowing casual access by employees, and provide recommendations on methods, processes, and techniques to help minimize the risks. We can assist with the development of usage policies for your staff as well as with ways to securely implement their usage within your network.
Secure Ideas speaks around the country on a variety of topics related to security. Our staff is available for speaking engagements and briefings. Where a presentation is based on a specific topic, a briefing is more personalized to a client's specific needs and interests. Contact us on how we can help educate your technical staff and management on improving your organization's security posture.