free hit counter

 
BuiltWithNOF
Network Security

WA PI# 2194                                                          Licensed & Insured                                                        CA PI# 18116

 

“82,094 security incidents were publicly reported in 2002.” *

“82% of incidents were caused by hackers, 77% were caused by disgruntled employees.” **

Services

Consulting

Newstrom & Associates consulting services range from assessment to management. Clients’ information security, computer security, and network security represent the broadest approach, while risk exposure, gap analysis, policy review, threat modeling, security ROI, benchmarking, and compliance analysis provide specific areas for consulting engagement.

Risk assessment and risk management consultation enables clients to make information management decisions and develop effective security policies, based on management’s decisions about specific business information and its uses. The result is a program tailored to ensure critical controls and protection for each enterprise.

Professional Services

Vulnerbility Assessment

Newstrom & Associates assesses and tests all of the components of each client’s security system. Useful reports to management cover specific weaknesses, vulnerabilities, and critical fixes.

Enterprise-wide information systems are necessarily complex. Security defenses for those systems need to be equally sophisticated. Gaps can develop anywhere, whether through known vulnerabilities or inadvertent mistakes. Newstrom & Associates identifies the holes before the hackers do, helps clients fix the problems, and monitors operations for continued reliability.

Each assessment is customized to fit each client’s needs and enterprise architecture. Each system component – firewalls, routers, applications, intrusion detection system, etc. – is evaluated. Clients can select one or more testing area for an engagement. Or, for maximum business assurance, the entire IT and physical systems can be combined in a comprehensive evaluation.

Management gains insight into the policies and practices that are needed for intrusion protection. Operational staff benefits from specific recommendations for increasing enterprise security.

Penetration Testing

Newstrom & Associates penetration testing evaluates clients’ business technologies for weaknesses. Testing overall enterprise security provides a safe, effective way to find out if intruders can penetrate our clients’ networks. Testing provides the basis for taking specific steps and reducing risk to acceptable business levels.

Complexity in technology is the enemy of security. Yet, business technology is always becoming more and more complex. Public servers, Internet connections, telecommuters, desktop applications, network devices, constant code updating, and other complexities are inevitable. Each offers a new path into trusted business networks. When intruders find those paths, the results are countless: public embarrassment, interrupted business, lost trade secrets, and lost money, to name a few.

Newstrom & Associates penetration testing minimizes risks, identifying intrusion paths and creating blocking plans before the paths are found and exploited by unwanted intruders.

Intrusion Response

Whether our clients need to prepare to meet intrusions or are in the midst of a violation and need immediate assistance, Newstrom & Associates can help.

Security policies developed with Newstrom & Associates assistance help clients define all of the steps and components for protecting valuable information-based resources before an attack occurs. Possible threats are determined, and the necessary actions are described. A documented plan and set of procedures are established in order to mount a coordinated response.

When a client needs help in responding to an actual incident, Newstrom & Associates assists in containing the attack. Working onsite, analysts quickly and reliably identify the events that threaten security posture. Impact, scope, severity, and containment options are then determined. Countermeasures are developed to contain and then to halt the intrusion while minimizing as much as possible the impact on core functions. When legal verification of an intrusion is required, Newstrom & Associates works with clients to gather and prepare the evidence.

Sources:                                                                                                               *Carnegie Mellon Software Engineering Institute; CERT Coordination Center

** 2002 CSI/FBI Computer Crime and Security Survey