Information Security
Protecting your assets is one of the highest priorities of management.
The information system, administered in most organizations by the
Information Technology Department, is as vital and vulnerable as any
other asset. The Foster Group has extensive experience in assisting in
the protection of vital company information.
RISK ASSESSMENTS
We analyze system threats and vulnerabilities to determine potential
losses, based on estimated probabilities of occurrence. The risk
assessment identifies assets (hardware, software, personnel, etc.) and
identifies, measures, minimizes and controls uncertain events that could
threaten these assets. A Foster Group Security Analyst develops specific
countermeasures to reduce the risk of each vulnerability and assigns a
confidence rating of effectiveness for each countermeasure. We also
disclose any limitations or unusual risks associated with the use of each
proposed countermeasure and provide a cost estimate of implementation.
SECURITY TEST AND EVALUATION PLANS
Our professionals provide services to help ensure the adequacy of
existing safeguards by preparing and evaluating security tests and
analyzing, testing, and evaluating each countermeasure in place. We will
establish countermeasures to safeguard the computer facility, the ADP
data, equipment, and personnel. We can monitor the system, aid in the
recovery of a crashed system, and prevent the system from being
compromised.
MANUALS AND PROCEDURES DEVELOPMENT
In the areas of physical and data security, written policies are
critical to ensure that
system and user personnel clearly understand their responsibilities and
management's security objectives. The Foster Group can provide support
and expertise to ensure that manuals and procedures outlining
responsibilities and security goals are developed for the appropriate
personnel:
- Security Manual - Develop, review, or enhance uniform security
policies and procedures for system personnel (i.e. operations,
administration, and management) and users of the system. The
security manual should also address security scope and
applicability, assign responsibilities, and reflect the short- and
long-range goals of the system.
- Classified Processing Procedures - Develop, review, or enhance the
stringent procedures needed to control access to classified or
sensitive information on computer systems, from microcomputers to
mainframes, reflecting the specific environment in which the system
is operating. The Foster Group has experience writing such
procedures for a variety of processing environments.
COMPUTER SECURITY SURVEYS AND AUDITS
The Foster Group can perform a detailed analysis of the security
features already in place on
a system to support the overall security posture of your data center and
information systems. Surveys and audits evaluate security features in the
areas of software, hardware, data, operations, procedures,
communications, cryptology, emanations, local area networks, office
information systems, management, personnel, administration,
environmental, and other areas. A checklist of over 400 questions is used
to assess the overall security posture of the computer system. While this
process does not replace the risk assessment, it establishes a baseline
for proceeding.
- Microcomputer Security Analysis - Analyzes the usage and control of
microcomputer resources, including portable storage devices (e.g.
diskettes, CD-ROMs, zip drives, tape cartridges), modems, and
laptops, and assesses the attitude toward security reflected by
microcomputer users.
- Network Security Analysis - Analyzes the installed
network architecture to evaluate security measures in place.
Identifies additional alternatives available for securing networks
of the chosen architecture and operating system. Security
considerations for networks include enumerating the vulnerabilities
and identifying available means to address the vulnerabilities of
various network security designs.
- Telecommunications Security Analysis - Analyzes the usage and
control of telecommunications resources and identifies security
limitations in the current environment. Evaluates security
provisions dealing with
dial-up lines, point-to-point, satellite, fiber optics, and other
common carrier communications. Establishes the operational
implications and determines the effectiveness of encryption
techniques either already in place or recommended for
implementation.