Translating business requirements into IT resources is always a challenge. It is a greater challenge when security is involved. IT staff need to fully understand their business’s mission-critical requirements. Then they need to find ways to allow the enterprise to conduct its business while ensuring that the business’s information is available, confidential, and secure.

Misunderstandings can be costly. Critical information may be inadequately secured, and non-essential information may even be over-secured.

ACPL’s Information Risk Management (IRM) practice provides a complete range of independent Consultancy services addressing all aspects of information security, business continuity and risk management at both technical and management levels.

Our Consultants help and advise clients in attaining their business objectives by applying our Business Objectives Oriented Risk-based (B.O.O.R.A) methodology to all projects. They are equipped to engage in assignments from either a top-down perspective - addressing the totality of a client's IT infrastructure or business operations - or through focused engagements addressing previously identified areas of concern or risk.

Security Reviews & Gap Analysis

Helping you identify the key opportunity areas for improvement.
We can assess your current security arrangements for areas of shortfall, determine where you need to be and make recommendations where controls need improving in order to get you there. Using our proven methodology, we can deliver a business vulnerability profile, which maps your IT, systems and facilities in order to identify your areas of vulnerability, key risks and their associated impacts as well as providing remedial actions.
Information Security Reviews and Gap Analysis Includes:

• Building Asset-Based Threat Profiles. ACPL Consultants examine key enterprise-wide information assets, the specific threats to those assets, the resulting security requirements, existing security practices, and potential vulnerabilities.

• Identifying Infrastructure Vulnerabilities. ACPL Consultants evaluate the key operational components of each client’s information infrastructure and uncover possible technology flaws that can be exploited.

• Developing a Security Policy, Strategy, and Plan. Based on the specific information developed in the steps above, ACPL Consultants work with management to establish a tailored, effective protection strategy for each client. Security policies developed for each are based on prioritized risk assessments, the available or necessary assets, and the organizational requirements for mitigating risk.

Methodology:
• Detailed review of various components in the IT infrastructure and the vulnerabilities therein
• Assessment of current IS security system tools and processes
• Impact Analysis
• Prioritization of security fixes
• Comparison of the existing policies with industry best practices and recommendations thereof.
• Increasing security by reconfiguring the existing components and systems, without adding any new components, to the extent possible.

Security Strategy & Architecture:

Helping you choose the right design and technology by:

Assessing the information system architecture, assessing the information security architecture, and recommending solutions for the gaps identified.

Not all information assets are created equal. For organizations that value their IT assets, developing a comprehensive security strategy and architecture is a sound investment. One of the first steps in developing a practical security strategy is examining the information assets specific to your business. Such assets can be broadly categorized as those requiring contractual and legislative compliance, those needing virus prevention, or those critical to business recovery after a security compromise.

ACPL consultants examine the business value of your information technology and assets, and work with your staff to create a custom-designed security strategy and incident-handling procedure that protects your strategic assets. Our security architects work with you to create the policies, standards, and procedures needed to secure your enterprise. ACPL's most experienced consultants apply industry-standard "best practices" while working with your staff to tailor a plan that is as unique as your organization.
Using our knowledge of industry standards and best practices, we address issues such as:

  • Asset classification and control
  • Network management
  • Virus management
  • Business continuity and disaster recovery
  • Incident response
  • Physical security controls
  • Compliance with security policy

Our analysis of your information results in a corporate security strategy that clearly states your security objectives and explains your specific security requirements. The strategy also describes general and specific roles to be filled by employees, assigns responsibility for executing the various aspects of your information security program, articulates a comprehensive process for reporting and responding to security incidents, and establishes a process for maintaining the security strategy.

At ACPL we help our clients define, achieve, and maintain enterprise-specific information security goals. In the fast-moving arena of information technology and eCommerce, it is a constant challenge for companies to balance their business goals with the business risks of using (or not using) technology. Our Security Consultants understand the need to keep pace with technology and take advantage of the tremendous opportunities offered by technological innovation, but are also aware of the risks involved and the responsibility at the Board level to control those risks.

ACPL is a trusted guide for developing client-centered comprehensive information security strategies. Our security strategy programs are client-centered, reflecting the needs, business patterns, and direction that are unique to each enterprise.

Security Strategy Includes:

Strategic Assessment
ACPL determines your organization’s security posture. Reports show the steps needed to move from reactive and/or fragmented to proactive and/or unified practices. Studies may cover:
• Organization Assessment, to see how current security functions fit the needs of the overall business.
• Framework Gap Analysis, to compare current security functions with our best-practice model.
• Security Benchmarking, to measure current security functions against those of other organizations of the same size in the same industry.

Strategic Planning
ACPL works with each client to develop long-term plans for building a proactive, comprehensive security process focused on business-specific needs. Services may include:
• Security Process Engineering, to design the structure of future security programs and establish a path for getting there.
• Security Accreditation, to identify regulatory business requirements, determine how to address them and take steps to assure regulators, customers and others of the presence of necessary security measures.
• Access Control Design, to balance user need for access to the enterprise with the enterprise’s need for security.
• Privacy Infrastructure Design, to build privacy into the infrastructure framework and thereby provide security strength for the long term.
• Security Awareness and Training, to educate staff at every level so that they understand and can properly implement the security processes.
• Security Implementation Planning, to help ACPL clients design and implement the technical aspects of their security processes.

Security Policy:

ACPL evaluates each client’s requirements for security policy. Some of these requirements are organization-specific. Others may involve compliance, whether legislative or contractual. Still others, such as virus prevention, reflect good business practices in an Internet environment.
ACPL's consulting team works with each client’s management and operational staff to develop plans that are based on “best practices” from industry standards for security in organization, personnel, physical controls, asset classification and control, network and computer management, application development, and compliance.
Security Policy Deliverables

At a minimum, the security policy that is developed includes:
• Defining information security clearly and providing a statement of management’s security standards.
• Describing specific security requirements, such as:
  • compliance with legislative and contractual requirements,
  • education, detection, and prevention,
  • standards for ensuring business continuity,
  • roles and responsibilities,
  • processes for reporting suspected security incidents, and
  • maintaining the security policy document itself.
Security Policy Consulting Includes:
• Reviewing each client's business and the related security goals and requirements.
• Assessing current IT strategy and security concerns, as well as new developing requirements for security management.
• Comparing and contrasting existing security strategies to best practice standards and business expectations.
• Providing clear security policies for management and for operational staff.

ACPL works with each client to develop an effective, responsive security policy. Security involves people as well as systems. ACPL delivers security policy documents for management to use in meeting both industry-wide and client-specific security practices.
The results: Management is assured that employees pose fewer security risks. Infrastructure management improves. Risks to customer trust and loyalty are reduced. Infrastructure operates more efficiently.
Risk Assessment & Risk Management

Risk. The possibility of suffering harm or loss. The potential for realizing the unwanted negative consequences of an event.
In ACPL’s Information Risk Management (IRM) practice, we use quantitative and qualitative tools to enumerate our clients’ security risk exposures. Consultants lay the foundation by gaining agreement with clients about specific risks in direct relation to their missions and their essential IT assets. After these risks are identified, ACPL consultants work in cooperation with management to ensure that operational and business units work together to understand and address the information security needs of the enterprise. As a result, clients can close the gaps between business requirements and the IT resources that protect them. Risks are managed, not merely experienced.

ACPL’s information risk assessment and risk management consultation enables clients to make information management decisions and develop effective security policies, based on management’s decisions about specific business information and its uses. The result is a program tailored to ensure critical controls and protection for each enterprise.

 
Copyright ©2005, acpl.com. All rights reserved.