Security
At MDS, our certified security professionals offer the following services:
Security Assessment and Risk Analysis
To ensure an assessment and risk analysis that is both objective and well constructed, an independent third party should be used in concert with your organization's own IT security staff and other appropriate personnel. Our security assessment compares an organization's policies and procedures with industry best practices. Your staff are heavily involved in the security assessment process, since they are the ones who have the most intimate knowledge of the overall situation.
The assessment consists of a best practices review of the existing environment, a comparison against where the institution believes it should be in the IT security realm, and a review of existing security policies. These three, taken together, can be used to form a plan for improvements and to recognize strengths in the current system.
An entirely independent risk analysis provides the opportunity to view your organization's IT security operation through another set of eyes, without any potential for finger pointing or recriminations. Of course, the risk analysis still needs to be reviewed, for both false positives (identified risks that don't actually exist) and missed issues. The risk analysis should be considered a living document, updated at least annually or more often if major changes warrant.
The risk assessment can include both a vulnerability analysis and penetration testing. The penetration test is normally conducted from the exterior of the network, working its way inward. It is focused on gaining access to the organization's network by exploiting weaknesses.
Development of Written Security
Security policies should not be written in a vacuum. Even with the mandates of the law, each organization has unique situations that will dictate, to some extent, how the policies are designed. Policies need to take a view of both the current environment and how the institution wants to shape its IT security situation. In addition, knowledge of the systems in use, the institution's business practices and security practices are all required to develop a full-featured security policy. We can help develop this policy.
Remediation Services
MDS advocates a 'Defense in Depth' approach to security which includes the installation of a combination of web-based, gateway and endpoint anti-malware applications. We use anti-virus, anti-spam, anti-spyware, anti-phishing, URL and content filtering solutions. We can also implement IPS solutions based on signature and anomaly detection, both as hosted services and as appliances that reside within your network. A 'Defense in Depth' solution should incorporate a NAC (Network Access Control) implementation.
We configure firewall appliances with best practices policies in mind, implement leading patch management solutions, and test regularly for network vulnerabilities.
Security Managed Services
We partner with the leading managed services providers and can assist in defining a Managed Security Services Agreement employing the appropriate Security Event Manager (SEM) and delivering the necessary SLAs.