Managed Security Services

- IT Risk Management, Information Risk Management, IRM
- Including laws, compliance, SOX, SAS70, mitigation of
IT risks.
- IT Project management - IT Security Acceptance
Criteria. Program Management
- Global Security Standards. All IT security subjects
and areas, including:
- Encryption
- Authorisation and Authentication
- Information security and encryption of data held in
storage, database encryption
- Access controls
- Application features and functionality
- Auditing, logging and monitoring
- Segregation of responsibilities
- Remote access controls
- Management of IT Security at outsourcers, outsourced
systems, off-shoring, vendors, applications and installations
- IT Risk assessments. Application risk assessments,
vendor product evaluation and application assessments,
vendor service solutions and outsourcing risk assessments.
- Information Security and IT Security Application
Requirements Specification, BRD's, Business Requirements
Definition
- Application and Vendor Product Evaluation and Selection,
COTS Applications security
- SDLC Tollgate Management and Security Sign-off:
Application production enablement specifications, tollgate
requirements, security tollgate sign-off prior to production
deployment. Systems acceptance.
- IT Security sign-off of new systems from development
to production environments
- Vendor management of IT Security areas including
RFP's, RFI's, PQQ's, SLA's, CAB, change authorisation
board, application IT security acceptance criteria, covering
security global standards, data protection and legal requirements
world-wide.
- Vendor application risk analysis, SWOT analysis of strengths
and risks
- Does the application pass security muster?
- How highly is this system security rated?
- IT Security sign-off of major system changes, EWO's
work orders, ECM's, ITSR's
- National, European, and International Data protection
and IT Security Legislation
- Information security strategy. Design, monitoring,
and implementation
- Information Security and IT Security legal advice
and guidance. Compliance. FSA. IT SOX. Our legal services
are second to none. We advise on all aspects of data
protection contracts, clauses, risks and review of
IT contracts, vendor contracts, supplier, outsourcers,
SLA's, and IT suppliers.
- Third party and vendor contract review for data
protection and IT security clauses, provisions and
safeguards
- Database Security, Oracle security, SQL Databases;
MS Access
- IT Security Architecture and design.
- Review of IT Architecture and design documents.
- Security best practices
- Web security architecture review
- Secure web Tiers, Authentication Tiers, Application
Tiers, Database Tiers.
- SOA Security, SOA Security strategy, Identity
management, SSO, Single Sign-on, WSS, Web Services
Security, XML Security Gateways, XML Firewalls, ESB
Security Architecture, Authentication Services, Centralised
Security Management; eCommerce security
- The new strategic direction of SOA which covers virtualisation,
interoperability, and reusability. Mitigation of IT
Risks associated with these changes in strategic direction.
- Security Policies, business processes, designed
and implemented
- Cryptography, Encryption technologies, networks,
point to point encryption, data encryption
- ITIL Security Service management, IT Security
domain areas, security management, CAB, change management,
RCA, root cause analysis, incident management, problem
management, Security service management
- The IT Infrastructure Library is a global service
level standard in IT service delivery. It consists of
a number of manuals covering IT service delivery standards
such as Incident Management and Change Management, including
IT Security Management.
- IT Change management.
- Firms go through changes to their IT systems, purchasing
new applications, or implementing major IT changes.
- MIG7 manages the IT
risk to the information and security of IT systems,
especially vendor relationships, contracts, and
third parties.
- Datacenter Security
- Review of in-house and outsourced datacenters
- Secure application build, writing secure code,
code standards, code reviews.
- Perimeters and Firewalls, Hardening systems,
Operating systems, DMZ's
- Virtualisation risks, Hypervisor security, controls
over multiple virtual environments, and networks. VMWare
security.
- Industry specific requirements, financial services
industry, FSA, PCI requirements, Anti Money Laundering
requirements.
- ASP management, ASP security. Contracts with
ASP's
- Information security metrics, monitoring and
management