The number of threats to organisations continues to grow, and Information Security Management requires a broad range of technology, people and services to ensure the threats are mitigated. However, managing this mix of Information Security technology, people and services is complex, and having the right mix of staff is not always feasible.
OJT Investigations Group offers a range of services to assist your organisation with Information Security Management.
- Physical and Logical Security
- Security Audits
- Vulnerability Scanning
- Penetration Testing
- Computer and Phone Forensics
- Incident Response & Data Loss
Physical and Logical Security Audits
Physical Security protects the contents of the site, including environmental factors like computer room AC, whereas Logical Security protects the contents of the computing equipment (the data).
The Security Audit reviews the existing security strategy (if any), controls and infrastructure along with key assets and identifies vulnerabilities, risks and shortfalls.
Scanning generally occurs from inside the network but can also be performed externally and consists of assessing computers, computer systems, networks and/or applications for known weaknesses. Vulnerability scanners can be a one-off service or installed onto the network for regular automatic reporting.
A Penetration Test is an authorised simulated attack on a computer system or network that looks for security weaknesses.
This test is commonly performed as an external test and/or on any wireless networks but can apply to most systems, such as VoIP.
The testing comprises four steps:
- Gathering information.
- Identifying vulnerabilities.
- Exploiting identified vulnerabilities.
- Providing a report and remediation strategies.
Computer and Phone Forensics
Computer forensics pertains to evidence found on the storage media within computers. The goal is to examine the media in a forensically sound manner to preserve the evidence if required for use in a criminal or civil trial. Phone forensics operates in a similar manner.
The steps generally followed are acquisition, examination, analysis and reporting.
Incident Response & Data Loss
Incident response is an organised approach to addressing and managing the aftermath of an IT, computer or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery times and costs.
There are six steps for effective incident response:
- Preparation – The most important phase of incident response is preparing for an inevitable security breach.
- Identification – Identification is the process through which incidents are detected, ideally promptly to enable rapid response and therefore reduce costs and damages.
- Containment – Once an incident is detected or identified, containing it is a top priority. The main purpose of containment is to limit the damage and prevent further damage from occurring (as noted in step number two, the earlier incidents are detected, the sooner they can be contained to minimize damage).
- Eradication – Eradication is the phase of effective incident response that entails removing the threat and restoring affected systems to their previous state, ideally while minimizing data loss.
- Recovery – Testing, monitoring, and validating systems while putting them back into production in order to verify that they are not re-infected or compromised are the main tasks associated with this step of incident response.
- Lessons Learned – Lessons learned is a critical phase of incident response because it helps to educate and improve future incident response efforts.