Once risks have been mitigated to a degree that an organization's management is comfortable with, it is critical that they remain that way. To achieve this, organizations should adopt a risk management framework that they can use to continually assess risks.

Risk posture can change due to a variety of reasons. These include changes in the computing environment of an organization, personnel changes, expansions, new vulnerabilities and threats, new partnerships etc. Thus it is imperative to assure top management that their business remains secure throughout these changes.

Paramount can help an organization through this critical stage by partnering with them as their security services provider to ensure a safe and reliable computing environment.

Paramount has the following service offerings in this space to provide assurance.

Assurance

  • Certification Readiness: BS7799 - ISMS; BS15000 - IT Service Management
  • On Site Security Management: Patch Management; Security Device Management; Hardening Systems
  • Assimilate Security Procedures: Training / Awareness Programs

CERTIFICATION READINESS

BS 7799
When an organization is planning to go in for BS 7799 certification and has already implemented controls towards meeting this objective, it is important that they reassure themselves that they are ready for certification. Top and senior management in particular require an independent verification of the status of the implemented controls.

Paramount can provide this assurance by performing a pre-certification audit of the implemented ISMS (Information Security Management System) setup. PCS achieves this through a phased approach wherein we study the organization's business needs, the requirements for the ISMS and the need for each control implemented. PCS uses a risk-based audit approach to evaluate the effectiveness and efficiency of the controls in operation.

Paramount winds up the pre-certification audit by providing management with the status of their implemented ISMS and the likelihood of acquiring certification. Being BS 7799 certified ourselves, and having vast experience in helping clients achieve certification, we understand exactly what accredited auditors look for while auditing an organization towards BS7799 compliance. In case of any discovered gaps, management is provided with the best approach to reducing these gaps and thereby complying with the standard.

BS 15000
Most organizations today have some form of service management implemented as part of their IT setup. This will include processes that cater to service management and processes that cater to service support.

BS 15000 is a standard from BSI that will help organizations certify their IT service support and management processes. PCS will help audit such process implementations to ensure that the organization is ready for certification.

As part of this pre-certification audit, PCS consultants will review the service support and management implementations, thereby assuring management of the readiness of the system. This is a confidence-building measure for the organization's top management.

ON SITE SECURITY MANAGEMENT

Patch Management
Paramount will provide, as part of this service, a trained and skilled engineer to be deployed on-site with the client. This engineer will be able to check for the relevant patches released by software vendors (like Microsoft), and will download them from trusted sources.

He will then test the patches in a test setup provided by the client. Very often, patches downloaded and installed without a proper testing process can crash the system due to incompatibility issues.

Paramount will then provide the client with a rollout program to implement the patch across the organization's servers and related computing equipment. PCS can augment this service by also providing engineers to implement the patch across an organization.

Security Device Management
Technology plays a vital role in securing an organization's assets. Security devices like firewalls and intrusion detection systems require a lot of customization and management to ensure return on investment. Installing a firewall out of the box without any customization or management is akin to not having it there in the first place. To complicate matters, each of these devices shoots off hundreds of log entries pertaining to system, application and security events. Monitoring these logs is crucial as a detective control measure. Adding to this issue, most organizations use the network team to double as security staff, thereby not doing full justice to either role. Bandwidth constraint is a serious issue that will complicate a security incident.

As part of this service, Paramount engineers will help organizations by taking this headache away. PCS engineers can customize any security device to an organization's setup and business requirements. They come with the expertise to enable accurate log monitoring, filtering of false positives and accurate notifications to administrators. These engineers will also help an administrator troubleshoot the management of security devices.

Hardening Systems
Numerous vulnerabilities exist in systems with default configurations. These could be Windows-based systems or systems based on UNIX platforms. These could also include security devices. There are today various threats (published and unpublished) that can exploit these vulnerabilities. Most organizations do not need all the services that run on systems by default.

Paramount consultants will, as part of this service offering, study the business an organization is in to map out the IT services that are actually needed to support it. PCS will work with the organization's administrators to shut down unnecessary services and ports, thereby hardening the systems.

PCS engineers have the expertise and understanding to add value to an organization in hardening systems. The services left running will be only those necessary to support the business processes of the client.

ASSIMILATE SECURITY PROCEDURES

"The security chain is as strong as its weakest link." People happen to be the weakest link in any security chain. As security is part process, products and people, an organization's staff can form a serious vulnerability.

An organization's staff are a liability for the following reasons.

  • They can be subject to social engineering
  • They could also intentionally perform malicious acts
  • They could unintentionally cause damage to data through operator error

To prevent the above from a due care and disciplinary perspective, it is critical that staff and personnel at all levels are trained on all aspects of security. This involves training IT/security administrative personnel in handling and managing security products, training end users on security best practices, training on physical aspects of security etc.

Paramount consultants can conduct training sessions for the client's staff at all levels to ensure that security gets built in as part of their culture.

Paramount consultants will also help a client to establish an ongoing security program that will deliver regular security training sessions.

 
© Copyright 2004. Paramount Computer Systems FZ-LLC. ® All Rights Reserved.