Security threats, vulnerabilities and exposures impact every company, government, and university by creating risks that must be controlled and managed. Organizations that know the security risks they are facing and have taken action to manage them have a significant advantage over their competitors. To help clients achieve this advantage, Norris Long works with them to identify exposures in their security infrastructure, applications, wireless technologies and best practices. We then help them mitigate these risks and monitor them moving forward.
Integrity, confidentiality and availability regarding IT assets and data are the objectives of any security program. Today, organizations face significant challenges in meeting these objectives as vulnerabilities and threats increase, access to systems and data is needed by greater numbers of users - internal and external, and the rules and regulations continue to change often in uncoordinated ways. Norris Long, a solid resource for security services, can help you address these key issues throughout the life cycle of your security program. Help you understand your risks. We approach security from a business perspective. We start by first understanding your business functions – how technology is used to serve your strategy and what security risks mean to your business. We work with you to perform comprehensive assessments of the quality of your existing security and risk management processes.
We help you define the combination of organization, processes, software, and technology that aligns your current and future security needs with your business objectives. We work with you to evaluate options and then define policies, technologies, standards, roles, responsibilities, processes, and metrics needed for a sustainable security program – along with a plan for an optimal implementation so your most critical needs are met first and future security risks are addressed according to a plan.
We help you configure and enable security features in existing technology components as well as choose and integrate new intrusion detection, security monitoring, identity and access management, and security management tools into your environment. We can support your monitoring efforts. Sometimes, outside eyes can see things you don’t. We can help supplement your security monitoring capabilities with periodic vulnerability assessments designed to confirm that your network perimeter is intact and that your security monitoring capabilities are functioning as intended.
Our Services include:
- Risk assessments – utilizing leading security risk assessment methodologies to identify business and technology risks, and can includes quantitative risk analysis.
- Vulnerability assessments – interviews and testing designed to locate and prioritize vulnerabilities in the client’s environment utilizing ISO 17799 and other frameworks.
- Security assessments for individual technologies – platforms, wireless, voice, network, email, applications, using a consolidated Information Security Framework. These components can be executed individually or as part of a larger vulnerability assessment.
- External and internal penetration testing
- Regulatory compliance reviews – HIPAA, GLBA, industry guidelines
- Enterprise security reviews –designed to assess security across the enterprise, encompassing many aspects of vulnerability assessments but on a wider scale