Conduct Security Assessment
1. Identification of key personnel to be interviewed for information gathering.
2. Identification of all critical and non-critical security components to be assessed (e.g. firewalls, IDS, proxy, applications, databases, etc.).
3. Conduct a Business Impact Analysis (BIA) that will be used to determine the appropriate controls (technical and administrative) to develop the policies.
4. Identification of all threats, vulnerabilities and security issues in each component.
Formulation of Target Security Architecture Designs
1. Conduct logical architecture design of IT security components to organize the physical architecture and implement security in all identified architectures. The logical structure includes processes, technology and people. It consists of perimeter security, antivirus policy, security administration, a Disaster Recovery Plan (DRP), risk and threat analysis, data security, application security, and infrastructure security.
2. Conduct physical architecture design to include network diagrams illustrating firewalls, mail gateways, proxies, modem pools, VLANs, Demilitarized Zone (DMZ), internal and external connections and devices used, and diagrams of other architectures in relation to security architecture.
Construction of Policies and Procedures
Develop policies and procedures to guide employees on acceptable use. When creating these policies, the client will be consulted to achieve a delicate balance between security and the ability to conduct business.
Implementation of Target Security Architecture Design
Once the conceptual design and all related policies and procedures are developed, implementation of target security architecture can begin. Projects that implement architectural changes will have a plan that defines timelines, budgets, and resources needed to implement these changes.
Integration of Security Practices to Maintain Secure Status
1. Change management process: Any changes to networks and other infrastructure components must go through this process.
2. Project management methodology and guidelines will serve to guide various technology projects in the organization. Security should be integrated into these guidelines at all stages required by these guidelines.
I would again like to thank you for allowing MyCompany L.L.C. the opportunity to provide for your computer and networking needs.