Network Security Consulting Firm: Expert Security Consultants
Miles consulting Corp., a leading network security firm, has
been developing and utilizing a variety of tools and practices that can protect
your business internally and externally without hindering your business processes
or communication. The greatest threat to your business
today is internal hacking. Internal, from your own employees: the people who know
your business inside and out. The days of being able to have your e-mail servers,
domain controllers and ERP servers on the same subnet with no access controls between
workstations and servers is over. However, internal security is often given a lower
priority and put on the back burner while the perimeter is being fortified.
PPC's network security consultants follow the Recommendations of the National Institute
of Standards and Technology for IT Risk Management Analysis. There is
a structure and methodology to risk analysis, followed by a risk mitigation
process. Risk mitigation includes a cost benefit analysis, mitigation options
and strategy and approach for a controlled implementation.
Our risk assessment process includes identification and evaluation
of risks and risk impacts, and recommendation of risk-reducing measures. In assessing
risks for an IT system, the first step we take is to define the scope of the effort.
In this step, the boundaries of the IT system are identified, along with the resources
and the information that constitute the system. Characterizing an IT system
establishes the scope of the risk assessment. Identifying risk for an
IT system requires an understanding of the system’s processing environment. As a
network security consulting firm, our first step is to collect system-related information,
which is usually classified as follows:
Additional information related to the operational environmental of the IT system
and its data includes, but is not limited to, the following:
- System interfaces (e.g., internal and external connectivity)
- Data and information
- Persons who support and use the IT system
- System mission (e.g., the processes performed by the IT system)
- System and data criticality (e.g., the system’s value or importance to the court)
- System and data sensitivity.
Any, or a combination, of the following techniques will be used in gathering information
relevant to the IT system within its operational boundary:
- The functional requirements of the IT system
- Users of the system (system users who provide technical support to the IT
- System or application users who use the IT system to perform Court functions)
- System security policies governing the IT system.
- System security architecture
The analysis of the threat to an IT system must include an analysis of the vulnerabilities
associated with the system environment. The goal of this step is to develop a list
of system vulnerabilities (flaws or weaknesses) that could be exploited by a potential
- Questionnaire -To collect relevant information, our risk assessment personnel can
develop a questionnaire concerning the management and operational controls used
for the IT system. This questionnaire would be distributed to the applicable technical
and non technical personnel supporting the IT system. The questionnaire could also
be used during on-site visits and interviews.
- On-site Interviews - Interviews with IT system support and management personnel
will enable our risk assessment personnel to collect useful information about the
IT system (e.g., how the system is operated and managed).
It should be noted that the types of vulnerabilities that will exist, and the methodology
needed to determine whether the vulnerabilities are present, will usually vary depending
on the nature of the IT system . During this step, our risk assessment
personnel determine whether the security requirements stipulated for the IT system
and collected during system characterization are being met by existing security
controls. If you are in a niche industry, we will utilize the industry
specific network security assessment (e.g.
Payment Card Industry security assessment). For most businesses, a
thorough IT Security Audit is performed.
We will use a security requirements checklist will be that contain the basic security
standards that can be used to systematically evaluate and identify the vulnerabilities
of the assets (personnel, hardware, software, information), non-automated procedures,
processes, and information transfers associated with a given IT system.
Security controls encompass the use of technical and non-technical methods. Technical
controls are safeguards that are incorporated into computer hardware, software,
or firmware , such as access control mechanisms, identification and authentication
mechanisms, encryption methods, intrusion detection software). Non-technical controls
are management and operational controls, such as security policies; operational
procedures; and personnel, physical, and environmental security.
Please contact our network security consutling team who will be happy to answer
all of your questions on our security practices.