Information Security Practice

Information technology permeates all aspects of society and has become critical to industry, government, and individual well-being. Securing these vital services and structures and the availability of trustworthy information whenever and wherever it is required has become both an area of intensive research and also of burgeoning commercial activity.

Information security is an established field of Computer Science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of cryptographic protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. At SQC our vision of protection and excellence is supported by a business-driven and standards-based approach to every engagement. Our consultants conduct each assessment using a methodical and repeatable process to identify vulnerabilities in an organization’s infrastructure.

Security Policy Review and Generation

Our Information Security Program service offering provides our clients with a phased approach to implementing an organizational information security capability that is both business-driven and standards-based. Our methodology ensures that current industry best practices and best-of-breed solutions are used to develop a solid foundation for managing and delivering information security controls and activities within the enterprise. Our Information Security Program is detailed through four essential phases: strategy, assessment, engineering, and management.

Assessment

From Network Assessments that identify vulnerabilities that may exist at the network level to Application Assessments performed to identify vulnerabilities that may exist at the application level to Organization Assessments, non-technical reviews of an organization’s security posture, SQC’s consultants will evaluate your organization’s policies and procedures, physical security, tangible and intangible assets, threats and vulnerabilities to identify the organization’s current risk posture.

Security Engineering

SQC’s consultants will develop a detailed Information Security Architecture to meet defined requirements. Based on the architecture, our consultants work with our clients to develop information security solutions from detailed specifications using a repeatable and methodical approach. Information Security Testing ensures that solutions have been designed and developed in a secure manner, and Information Security Solution Deployment services deploy a solution into an operational environment, based on a detailed deployment plan.

Information Security Framework

Our Information Security Framework is designed to provide organizations with the architectural business blueprint to assemble and maintain their Information Security Program. This looks above and beyond regulatory compliance by providing a true business structure that is positioned to receive and act upon all security related business drivers and influencers. The Framework consists of the development of your Information Security Target which serves as both the focal point of, and the written manifestation of your Information Security Program.

This process is designed to ensure a single set of derived Information Security Requirements satisfying all relevant business drivers, therefore ensuring alignment with your business goals and objectives;

Maximum efficiency from your security expenditures;
Elimination of duplicate initiatives;
Simplification of security auditing activities; and
Detailed matrix mapping between all defined business drivers and your security requirements.

Information Protection

Regulatory and business drivers increasingly push information protection into enterprise information technology (IT) initiatives. The global war on terrorism, incessant informational attacks, protection failures, and media attention create internal forces that also drive the need to address information protection in any enterprise IT initiative.

The alphabet soup of security-related technologies and processes combined with diverse viewpoints within enterprises creates a complex decision environment fraught with peril. Our consulting services provide product-neutral, independent, third-party strategic expertise. Our consultants have the knowledge and experience to help settle internal disputes, the research necessary to stay current with the changing environment, and the understanding of enterprises necessary to align your business and IT goals.

In addition to consulting and assessments, an intensive workshop on information Security will provide you with the knowledge and theoretical background as well as with the requisite skills and attitudes to succeed in this challenging yet eminently rewarding field

This workshop is a complete package that offers a combination of training methods. It is designed to introduce users to computer threats and demonstrate the steps that can be taken to avoid them. Organizationally, this has many benefits. Act now to turn your weakest security link into your greatest security asset. Reduce your corporate risk by training your users and changing their behavior and create an organizational culture of security by empowering your users with knowledge.