| CISSP Security Consulting |
|
Synesis offers the services of security consultants who have earned CISSP Certification. CISSP Certification recognizes mastery of an international standard for information security. ANSI (American National Standards Institute) has granted the CISSP credential accreditation in the area of information security under ISO/IEC 17024. Synesis can provide a CISSP-certified consultant to help your enterprise in a broad range of security areas including:
|
- Security Management Practices
- Security Architecture and Models
- Access Control Systems and Methodology
- Applications Development Security
- Operations Security
- Physical Security
- Cryptography
- Telecommunications, Network and Internet Security
- Business Continuity Planning
- Law, Investigation and Ethics
|
|
Security Management Practices
|
|
Security management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines. Management tools such as data classification and risk assessment/analysis can be used to identify threats, classify assets, and rate system vulnerabilities so that effective controls can be implemented.
|
|
Security Architecture and Models
|
|
This covers the concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks and applications plus the controls used to enforce various levels of availability, integrity and confidentiality.
|
|
Access Control Systems and Methodology
|
|
Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of the information system.
|
|
Application Development Security
|
|
This addresses the important security concepts that apply to application software development. It outlines the environment where software is designed and developed and explains the critical role software plays in providing information system security.
|
|
Operations Security
|
|
Operations Security is used to identify the controls over hardware, media, and the operators and administrators with access privileges to any of these resources. Audit and monitoring are the mechanisms, tools and facilities that permit the identification of security events and subsequent actions to identify the key elements and report the pertinent information to the appropriate individual, group or process.
|
|
Physical Security
|
|
This provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
|
|
Cryptography
|
|
This concerns the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
|
|
Telecommunications, Network and Internet Security
|
|
This area involves:
|
- Network Structures
- Transmission methods
- Transport formats
- Security measures used to provide availability, integrity, and confidentiality
- Authentication for transmissions over private and public communications networks and media.
|
|
Business Continuity Planning
|
|
The Business Continuity Plan (BCP) addresses the preservation and recovery of business operations in the event of outages.
|
|
Law, Investigations and Ethics
|
|
This covers:
|
- Computer crime laws and regulations
- The measures and technologies used to investigate computer crime incidents
|
|
