|
We can hear you say "Of course, who doesn't?".
Surprisingly enough, most people forget all about
security when it comes to computers. One thinks
the word "security" is magically erased
from the minds of most computer users. The reason
is unclear. But most end-users and even computer
experts who lock their doors with 3 seperate locks
can do pretty funny things when it comes to securing
their data.
| An
Ironic News |
"The
EU web site, "Safer Internet"
aiming to make the internet a safer place
for all users and take precautions against
data fraud has been hacked as of June
12-13, 2001.
Irony
aside, what was really embarrassing was
the amount of security gaps and leaks.
Although the site administrators have
made some explanations like "we are
aware that we haven't been able to make
it more secure yet..", the result
remains unaffected."
|
Not
long ago, industrial espionage was seen as the
greatest treath to companies, causing internal
damage and legal hassle with competitors. Now,
data fraud has taken its place. Now, know-how
of companies are under constant treath. Ever since
companies became accessible world-wide through
the internet, data security has become a matter
of utmost importance. Now, anybody anywhere can
tap into your knowledgebase and pull out that
bit of information that makes you "you"
and expose it to the whole world.
Is
your data in the "right hands"? In secure
hands? This may not mean much to you right now,
you might say "We have nothing to hide"
or even say "What good is our data to outsiders?
It's all technical anyway". You may have
nothing to hide but data loss, corruption, theft
or abuse may give substantial damage, both physically
and psychologically.
Besides,
having your data in the "wrong hands"
will not only affect you but all those in your
environment; your co-workers, employees, business
partners and even customers.
Data
theft, corruption and abuse may also bring you
a alot of responsibilities, financial, legal or
trust-wise.
Imagine a hacker attack at a rival site being
traced to your company. Who will your competitor
accuse?
You
are in charge of financial operations. There is
a $500,000 gap in your accounts. Obviously you
didn't do it. But then, who is responsible for
it? Will your company afford the loss?
Customer
files with a lot of confidential client information
have been stolen. You sign contracts with each
client on confidentiality. You notice that your
competitors have started using your stolen data.
Will your client trust you ever again? What if
they sue you for breaking contract terms?
Examples
can be innumerable. Today, almost all companies
are under hacker and virus attacks. Don't say
"It won't happen to me". It happens
every day. Think about those hacker attacks on
Microsoft websites. What about government web
sites? How about this news below?
June
06, 2001 - As you've probably heard
by now, Apache.org was broken into last week,
and the system was compromised. How this happened
is much more interesting then your usual "known
hole in an old piece of software" scenario
(although this was the final nail in the coffin
for Apache.org).
OK, I Understand
the Treath But What Can I or My Company Do?
You
can start by defining the information strategy
of your company. But even more urgent than this,
you should make an assessment of your current
status, namely how secure are you? How important
is your data? This, of course requires the approach
of an expert.
Our
data security experts at TANGRAM, will make an
overall data security assessment of your company.
This study includes hacker-imitating attacks -
with your permission of course - to find the security
gaps, leakages and weaknesses. This will be followed
by recommendations and the implementation phase.
Once you have secured your data, you should have
it re-tested (re-hacked!). If the test results
prove positive, it would be a good policy to have
your data security measures accredited with an
internationally accepted certification.
However,
it should not be forgotten that information systems
change over time, new methods and tools are devised
every minute. Measure-counter measure. So, even
if you have your security policy accredited, it
doesn't mean you are "hacker-proof".
Having a long term data security consultancy agreement
will ensure that your data is being kept under
constant surveillance against attacks.
Our
data security team at TANGRAM, consisting of computer
engineers, software engineers and system engineers,
all experts in data security and security audit,
is ready to serve you.
Call
us. Let us check your system security, make recommendations,
devise solutions and certify your efforts. If
your system has no security gaps and leaks, you
are lucky. But if it has gaps and leaks, you are
even more lucky because you know the solution.
Our Security Planning
Service
Our Security Planning Service (SPS) focus on helping
you with the planning process and Internet security
architecture. TANGRAM team will meet with your
staff to:
Review your business and organizational structure,
Discuss your security business drivers, vision
and deployment timing
Discuss
your IT organization, infrastructure and development
methodology
Discuss
your security organization, direction and security
architecture
Consult
on deployment planning, process and approach
Consult
on detailed offerings in the area of security,
including recommended and optional tasks and deliverables
and review of outlines of key deliverables
Present
and review together, Tangram Deployment Manual,
based on TANGRAM deployment methodology, and its
use
Answer
any questions regarding the deployment process
and architectures
Upon
completion of the planning service, you will be
provided with a complete Analysis and Approach
report tailored for your business and network
requirements.
Our
Services
·
Risk Assessments - Onsite intranet evaluations
of LAN/WAN infrastructure and Client/Server assessments.
Our engineers will come to your place of business,
take a hard line look at your organization from
a "Crackers Perspective" and give you
the vulnerability assessment for your company.
·
Security Policies - Onsite and remote consultancy
to help your business come up with data security
policies across the enterprise. From LAN/WAN to
Client/Server security policy and enforcement
management solutions.
·
Security Audits - Onsite audits of current
security policies. Our engineers come out to your
place of work and work with your team for auditing
and compliance checks of the enterprise.
·
Penetration Testing - Remote and onsite penetration
testing can be performed to access the vulnerability
of security policies and security practices. These
penetration tests will give you true assessments
of your enterprise security solutions. Penetration
tests are performed at the outer perimeter level
as well as internally to give you a true understanding
of your business site risks.
·
Remote Firewall Management - We can remotely,
manage your firewall and constantly review logs
looking for the telltale signs of hacking activity.
Our remote firewall management services can work
hand in hand with our emergency response services
to offer you the piece of mind that your network
is being watched at all times.
·
Emergency Response Management - Carefully
reviewing log files to instantly track, monitor,
log and implement counter measures to reduce the
risk associated with an attack thus remotely managing
network intrusions.
·
Information Services Sub-Contracting - Let
us assist you in your security related projects
with valuable experience and expertise to quickly
get your projects under control.
TANGRAM...
Together
for a safer you...
|
