In information security, access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. Locks and login credentials are two analogous mechanisms of access control. This area covers the underlying principles of access control systems and how to implement, manage and secure those systems, including internetwork trust architectures, identity management and various access control frameworks.
- Access Rights Administration
- Network Access
- Operating System Access
- Application Access
- Remote Access
We will evaluate their ability to restrict access to system resources.
We will assess encryption controls, where appropriate. Encryption is a key control used to secure communications and data storage, particularly authentication credentials and the transmission of sensitive information. We will evaluate:
- Cryptosystem effectiveness
- Encryption key management
- Encryption types
We will evaluate your system development, acquisition, and maintenance functions and assess the integration of security controls into software prior to development, acquisition, and implementation.
We will evaluate controls over sensitive information on media such as paper documents, output reports, back-up tapes, disks, cassettes, optical storage, test data, and system documentation. Protection of that data requires protection of such media. We will evaluate:
We will evaluate your controls over outsourcing arrangements, ensuring that such arrangements provide an effective means to support the institution’s technology needs while retaining your responsibility for managing risk. We will evaluate:
- Due diligence
- Control and Security SLAs
We will assess your ability to maintain the confidentiality, integrity, and availability of information, and evaluate the assurances provided by physical access controls. We will review:
- Data Center Security
- Cabinet and Vault Security
- Physical Security
We will evaluate risks and vulnerabilities posed by malicious code. Malicious code is any program that acts in an unexpected and potentially damaging way.
We will evaluate controls over legitimate users concerning their access and credentialing for system access necessary to perform their duties. Because of their internal access levels and intimate knowledge of educational institution processes, authorized users pose a potential threat to systems and data. We will evaluate:
- Background checks and screening
- Agreements: confidentiality, non-disclosure, and authorized use
- Job descriptions
- Training (initial as well as continuing)
We will assess whether reasonable steps are taken to ensure that sufficient data is collected from secure log files to identify and respond to security incidents and to monitor and enforce policy compliance. This control area is critical for an effective response program.
We will assess your capability to detect and react to an intrusion into your information systems. Security systems must restrict access and protect against the failure of those access restrictions. However, detection and response capabilities must detect and react to intrusions when those systems fail. This control area is critical for an effective and appropriate response program.
We will evaluate:
- Intrusion Detection capabilities
- Intrusion Response capabilities
- Incident handling procedures, including risk escalation and notification
Benefits of Doing Business with Topgallant Partners
- Document Your Organization’s Due Diligence
Topgallant provides verification and validation of an organization’s adherence to best practices and compliance with government regulations.
- Identify Security Vulnerabilities Before They Become a Problem
No infrastructure is perfect or immune to attacks, security holes, and lapses.
- IT Risk Assessment Preempts Surprises
There are some things you can’t defend against, no matter how many firewalls you erect.
- Topgallant is a Technical Consulting Firm, Not a Reseller, Manufacturer or VAR
We are going to show you how to solve your security issues, not sell you a box to solve those problems.
- We Help Determine Organizational & Industry Security Requirements
Good security has a lot to do with adherence to established security policies and practices.
- Risk Assessment Establishes the Big Picture
Topgallant’s IT Risk Assessment is more than running a vulnerability scanner against a network segment and creating a prepackaged report.
- A Proven Record in IT Security and Experience
Topgallant Partners has been providing IT Risk Assessment Services since 2004.
- A Focus on Security Standards
Topgallant believes that security is not industry dependent but standards-based, meaning that best practices provide the best protection.