Information Security

Information Security

“Security is an ongoing process, which requires organizations to build information security related processes to continually assess its posture and to react appropriately in the face of rapidly changing threats, technologies, and business conditions”

ISMS Implementation

Security Policy & Standards Development

Certification & Accreditation (C&A)

 

IT Risk Assessment & Management

 


 

Network Security

Application/System Security

E-Banking Security

Security Awareness & Training Programs

ISMS Implementation

Integrity, Confidentiality and Availability regarding IT assets and data are the objectives of any Security program. Today, organizations face significant challenges in meeting these objectives as vulnerabilities and threats increase, access to systems and data is needed by greater numbers of users - internal and external, and the rules and regulations continue to change often in uncoordinated ways.

Because of ever changing environments, increased regulatory requirements and complex security breaches, the organizations are challenged to:

≡   Protect critical applications, data, and systems from unauthorized access

≡   Manage the identities and access rights of people inside and outside of organization

≡   Provide sustainable and continuous regulatory compliance

≡   Reduce Information costs and manage risk—while growing business

As the number of reported information security breaches consistently increases, the need to create a management framework for information security intensifies.

TASC Management’s team of expert security consultants help organizations in developing Information Security Framework based on the ISO-27001 standarda proven framework to initiate, implement, maintain and manage information security within your organization.

Certification & Accreditation (C&A)

Certification and Accreditation (C&A) is a systematic procedure for evaluating, describing, testing and authorizing federal information systems prior to or after a system is in operation. Certification and Accreditation is a federally mandated standard process to insure that information systems meet documented security requirements and maintain the accredited security posture throughout their system life cycle. C&A process is divided into Four (4) phased approach: definition, verification, validation, and post accreditation.

TASC Management’s core competency is providing information security services supporting public sector and commercial enterprise IT environments.

TASC Management has demonstrated performance in developing and/or maintaining enterprise cyber security programs for complex information infrastructures for various government and commercial clients.

TASC Management’s Certification and Accreditation (C&A) support services include but no limited to following:

≡   Plan of Actions & Milestones (POA&M) Documentation

≡   Risk Assessment Support

≡   Security Test and Evaluation (ST&E) Services

≡   Account Management Program Support

≡   Security Administration

≡   Certification and Accreditation Support

Enterprise Risk Management

Information Technology (IT) is increasingly dominant in just about every business. However, organizations fail to recognize that business risks arising from IT deployment increase at a faster rate than what can be managed. Failure to manage risks in a timely manner may result in the loss of data and information integrity, loss of revenue, customer dissatisfaction and business interruptions.

An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets.

TASC Management provides a foundation for the development of an effective Risk Management program, which encompasses three processes: risk assessment, risk mitigation, and evaluation and assessment. TASC Management’s highly skilled Certified Information Systems Auditors (CISA) and Certified Information Systems Security Professionals (CISSP) can help your organization in establishing risk assessment framework and in mitigating risks affecting your internal systems, business processes and applications.

Security Policy & Standards Development

Security Policy is both the starting point and the touchstone for information security in any company. Security Policy provides evidence of the company’s stance on security and provides a living tool for every employee to help build and maintain that level of security. It is therefore essential that security policy is accurate, comprehensive, and useable. Information security policy defines the organization’s attitude to information, and announces internally and externally that information is an asset, the property of the organization, and is to be protected from unauthorized access, modification, disclosure, and destruction.

Consequently, Information security policies are an essential component of information security governance — without the appropriate policy and standards, governance has no substance and no rules can be enforced. As a result, Information Security Policies and Standards are critical in achieving organization’s information security objectives.

TASC Management’s team of Certified Information Security Managers (CISM) and Certified Information Systems Security Professionals (CISSP) can help establish Information Security Policy and Standards Development program for your organizations which includes:

≡   Defining Critical Security Policies & Standards;      ≡   Security Policy Framework Development;

≡   Policy compliance and enforcement methods;       ≡   Policy Review Process

Network Security

As the Internet has developed into the modern, complex network with the addition of Internet of Things (IOT), Network Security has become more problematic, with break-ins and attacks now so commonplace as to be considered part of doing business. In this increasingly interconnected world with mounting government regulations and potential security risks, the ability to protect sensitive information and availability of critical systems is an enormous concern that few organizations are prepared to face on their own.

TASC Management’s security experts will help you manage this concern by identifying where your network may be vulnerable and implementing effective security solutions - such as assessment, auditing, penetration testing, vulnerability assessments, intrusion detection and security regulation compliance. Our network security includes the following elements:

≡   Penetration Testing                                    ≡   Router & Switch Security

≡   Firewall Security (internal & external)               ≡   Remote Access

≡   Web & Email Servers

Application/System Security

In this age of Web based Business Systems & Applications, where loss of critical data, privacy of customer information, and other security breaches are the key risks - a critical business application or system requires a more stringent set of security than previously needed. By understanding the business impact of a loss of confidentiality, integrity or availability of information, it is possible to establish the level of importance of an application. This requires an organization to identify information risks to its application & systems and determine the level of protection required to keep information risks within acceptable limits by implementing stringent application controls.

TASC Management helps your organization in mitigating risks associated to you web application or systems by implementing application controls that pertain to the scope of individual business processes or application systems, including data edits, separation of business functions, balancing of processing totals, transaction logging, and error reporting.

Ensuring that Business Applications are functioning as required by verifying that:

≡   Input data is accurate, complete, authorized, and correct        ≡   Data stored is accurate and complete

≡   Data is processed as intended in an acceptable time period     ≡   Outputs are accurate and complete

≡   Logs are maintained to track the process of data from input to storage

≡   Access granted to application users is appropriate based on their roles & responsibilities

E-Banking Security

Maintaining the privacy of a customer’s information is one of the cornerstones upon which trust in the banking system is based. Misuse or unauthorized disclosure of confidential customer data may expose a financial institution to customer litigation or action by regulatory agencies. To minimize legal and reputational risks associated with e-Baking activities conducted both domestically and cross-border, banks should take appropriate measures to ensure adherence to customer privacy requirements.

Therefore, Information security is essential to a financial institution’s ability to deliver e-Banking services, to protect the confidentiality and integrity of customer information, and ensure that accountability exists for changes to the information and the processing and communications systems.

TASC Management can help banks & financial institutions establish appropriate security controls to:  

≡   Ensure the security and confidentiality of customer information;

≡   Protect against any anticipated threats or hazards to the security or integrity of such information; and

≡   Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

"People, not technology, is a critical factor that is often overlooked in the security equation"

Security Awareness Program & Training

Security Awareness Program is a critical component of the information security program. Establishing and maintaining a robust and relevant information security awareness program as part of the overall information security program is the primary conduit for providing the workforce with the information and tools needed to protect an organization’s vital information resources. These programs will ensure that personnel at all levels of the organization understand their information security responsibilities to properly use and protect the information and resources entrusted to them.

TASC Management can help establish security awareness program for your organizations which includes:

≡   Definition of security roles and responsibilities;

≡   Development of program strategy and a program plan;

≡   Implementation of the program plan; and

≡   Maintenance of the security awareness and training program

TASC Management - a premier training provider - provides extensive portfolio of Security Training & Certifications including but not limited to following:

  • ISO27001 - Lead Implementer
  • Project Management Professional (PMP)
  • CISSP – Certified Information Systems Security Professional
  • CompTIA Security+
  • Certified Ethical Hacker (CEH)