Services
Security Assessments
E-Planit Systems Inc. provides insightful and thorough analysis of the state of the security
of your information systems. We help you see circumstances in your systems' designs,
configurations, and/or deployments that create vulnerabilities to security breaches.
Then, we can help you understand your options for making changes, improvements, or
adaptations - ones that are appropriate for your needs.
Our assessment services include:
- Asset Identification
  A basic insight into your security requirements is to fully understand which assets are
  to be protected, and the value of those assets to you.
- Threat Modelling
  Threats that can affect your valued information assets are analyzed. We look at
  possible compromises and the potential consequences to you.
- Vulnerability Assessment
  With the possible threats to your assets evaluated, we proceed to determine the
  vulnerabilities that exist in your particular organization and systems.
- Recommendations
  Our assessments will provide you with the knowledge and perspective to make wise
  and effective security investment decisions. We profile your risks and vulnerabilities
  based on asset value and the threat model. These insights help you see where it's most
  important to invest in new or improved countermeasures.
The solutions we recommend will incorporate established industry best practices,
and will utilize and adhere to standards wherever possible.
Identity and Access Management
One of the most fundamental functions of information security is knowing who is accessing and using
systems and applications. Because user identity is so fundamental, mismanagement
of user accounts and credentials (i.e. passwords and certificates) can be a significant vulnerability
across your systems.
The sheer scale and diversity of an organization's information systems make Identity Management (IdM) a
tough problem for an organization to solve by itself. One must have a well-defined and properly executed
systematic approach to ensure that users' accounts and access credentials are kept up to date. Achieving
this via manual efforts or paper-driven procedures becomes nearly impossible over time and as the number
of systems in the organization grows.
Furthermore, systematic and auditable management of user accounts is now mandatory for certain
industries, such as the healthcare industry under the Health Information
Portability and Accountability Act (HIPAA). Such management of users and their access is
also beneficial for compliance under Sarbanes-Oxley (SOX) and various state privacy laws
(such as California's SB-1386 Security Breach Information Act).
E-Planit Systems can help you establish and manage
identity and access controls in several ways:
- Strategy for Identity and Authorization Management
  Consistent with our philosophy, we always
  begin our work by understanding your goals for protecting your assets and
  privacy. This forms the basis of your information security policies which
  will govern who is accessing your systems, and what they're able to do.
- Automated Provisioning
  The term provisioning refers to the creation, maintenance,
  and deactivation of end-user accounts, user attributes and security
  definitions (e.g. IDs and passwords, roles) in one
  or more systems, directories or
  applications, in response to automated or interactive business processes.
  There is an ever-increasing number of products on the market which
  provide (or claim to provide) provisioning capabilities. Critical
  to a successful provisioning solution is a clear understanding of
  your requirements, and the integration challenges with your specific
  systems. We can help you understand and articulate your requirements,
  and help you select and qualify vendors and solutions. And we won't stop
  there - we'll help you implement and deploy your provisioning solution.
- Authentication and Authorization
  Protecting online, real-time access to your systems is "where the
  rubber meets the road" for security solutions. Validation
  of user logins, and verification of authorization for their
  activities must be effective, efficient, and especially
  accurate.
Secure Software Design and Development
The current trend in information security is to apply security solutions to the exterior of
networks and application platforms. This has led to a saturated and confusing market of
firewalls, gateways, and filtering software. Despite the continuing evolution of these
products, successful attacks using viruses, worms, and other malicious payloads are increasing!
So why is this? The problem is that these products and techniques are inherently limited
in their abilities: they must know in advance what specific criteria are to be used to
block and filter. In our world, those criteria change daily and hourly - and often cannot
be known in advance. The real vulnerabilities are in the applications themselves.
Our foundation is software engineering and
information security. Working with
E-Planit Systems' experienced people, you can achieve secure applications.
- Secure Software Architectures for Information Systems
- Secure Programming Practices & Discipline
  With our backgrounds in software engineering and security, we can
  provide you and your development team with helpful design consulting,
  security code reviews, and software development. We believe that
  including security concerns in all phases of the lifecycle of
  software is key to a comprehensively secure system. Topics we
  can address with you include:
  - Preventing injection attacks
  - Avoiding buffer overflow vulnerabilities
  - Parameter validity checking
- Web Services Security
  Today's computing paradigm is moving towards more distribution, as
  exemplified by maturing Service Oriented Architecture (SOA) models. Here,
  the goal is achieving meaningful applications by combining and orchestrating
  loosely-coupled programs that are invoked via messages being passed over
  a (generally SOAP) protocol.
- Secure Usage of Encryption and Digital Signatures
  - Selection of Algorithms, Key Sizes, Operation Modes
  - Key Management & Distribution and other
    Operational Security (OPSEC) considerations
- Software Engineering and development practices