|
|||||||||||||||||||||
| Security Services | |||||||||||||||||||||
| Tools and Technology Supported |
|
||||||||||||||||||||
| Legislation |
Law proposed for
security audits Public companies would report results yearly WASHINGTON -- New legislation being drafted in the U.S. House of Representatives, which could be introduced as early as next week, would require all publicly traded companies to conduct independent computer security assessments and report the results yearly in their annual reports. |
||||||||||||||||||||
| Known as the Corporate Information Security Accountability Act of 2003, the bill is being sponsored by Rep. Adam Putnam, (R-Fla.), chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. It would require companies to hire an independent auditor to assess existing information security controls and ensure that they meet basic standards that the SEC has yet to be determine. The agency would have 60 days after passage of the bill to come up with specific standards for the audits. | |||||||||||||||||||||
|
Wireless Access Points Audit |
Determine the vulnerability of Wireless Access Point. | ||||||||||||||||||||
|
Secure Wireless Access Points
|
1. Bronze - Wireless Encryption Protocol (40/64/128-bit certificates) and MAC Address Filtering | ||||||||||||||||||||
|
2. Silver - Bronze Lockdown + Network Address Filtering and Packet Address Filtering. |
|||||||||||||||||||||
| 3. Gold - Silver Lockdown + Use of Encrypted Channel for all communication. | |||||||||||||||||||||
| Local Area Network Audit | Determines the vulnerability of the existing network infrastructure including Local Area Networks, Wireless Access Points, Wide Area Networks, Email, File, Database, Application Servers, Proxies, Firewall Configurations, Routers Configurations, etc. | ||||||||||||||||||||
| Secure Local Area Network | |||||||||||||||||||||
| Database Security | Evaluating the security of existing or projected database schemas to assist in following best practices in securing ORACLE and SQL Server database. Including backup process with transaction logs, schedules for full, incremental, and differential backups to be stored off site at a secondary location. | ||||||||||||||||||||
| Application Security | Evaluating the existing programmatic security features and authentication means in new and old applications, from Delphi, Power Builder to COM/DCOM/COM+ and .net environments. Specialty working with protocols and ports through firewalls from a n-tier architecture. | ||||||||||||||||||||
| Maintenance | On going maintenance and follow-up security assessments available. | ||||||||||||||||||||
| HIPAA | Evaluation the HIPAA Security Act as a third party independent auditor or to pinpoint the sources of weaknesses or non-compliance. | ||||||||||||||||||||
| Note | Currently limited to certain areas of California. | ||||||||||||||||||||
|
|||||||||||||||||||||
