Security Programs to Support Your Business Mission
Information Security Assessment & Compliance Services
- Enterprise Risk Assessments
- Technical Security Assessments
- Compliance Assessments and Management
- Application Vulnerability Assessments
Enterprise Risk Assessments
Every stable security posture begins with an enterprise risk assessment. GlobalWatch Technologies uses proven standards from recognized organizations such as NIST, ISO, and BSi to assess the criticality of information, network, physical and application assets in support of the business mission.
We reference the following standards in our work:
- NIST 800 series
- ISO 17799
- BS 7799
- NSA
- Other Specific
Technical Security Assessments
Usually completed after an enterprise risk assessment, technical security assessments are performed to provide a clear and overall picture of perceived versus actual security posture. GlobalWatch Technologies performs all of the various levels of technical security assessments outlined below to ensure the best possible view of your security posture.
Vulnerability Assessments
Vulnerability Assessments are an assessment of your information systems, controls and procedures. We follow proven and accepted methodologies and procedures when performing these assessments such as the National Security Agency’s Information Security Assessment Methodology (NSA-IAM). We also utilize unique tools which greatly reduce the time it takes to do vulnerability and compliancy assessments while improving the management and tracking of the process.
GlobalWatch Technologies performs non-intrusive assessments as well as vulnerability scans that are more intrusive, but are thorough in their scope using industry standard tools as well as unique tools to give our customers the best value for their assessment dollars.
Penetration Testing
The next level of vulnerability assessment is much more intrusive to the system as a hands-on assessment of the controls and procedures currently implemented. Also known as a penetration test, the boundaries of the test and the metrics to measure success are defined before testing. It can take many forms and can be performed from many different perspectives such as internal, external, web and application. GlobalWatch personnel are well versed in all aspects of penetration testing and can wear white, gray and black hats during penetration testing exercises.
Design & Architecture Assessments and Review
A good security posture starts with a solid architecture. GlobalWatch Technologies performs an assessment on your system or software architecture before the development process begins. This is often the most cost effective time to catch security issues because the remediation is less time and resource consuming.
Wireless Network Security Assessment
Wireless networks are an increasingly expanding segment on enterprise networks. They can also pose the largest security risk to an infrastructure due to the inherent security flaws in their implementation. GlobalWatch Technologies specific wireless network expertise to assess your wireless infrastructure’s security posture. Our findings can then be implemented into a solid wireless security plan.
Compliance Assessments and Management
Compliance affects all organizations, both commercial and federal. GlobalWatch Technologies fully understands the intricacies and the multitude of interpretations these regulations bring with them. We also utilize cutting edge tools to automate the assessment process reducing the time to complete the assessments as well as increasing the management and visibility into the progress of the assessment project.
-
SOX-Sarbanes-Oxley Sections 302, 404, 409
While Sarbanes-Oxley compliancy does not directly reference information security, section 404 dictates the integrity of financial systems and processes used in organizations, which typically fall into the realm of information security. It also tasks these organizations with assessing the effectiveness of its internal control structures. GlobalWatch Technologies assists you organization in measuring the effectiveness of its current controls as well as recommending and implementing additional controls to ensure and maintain compliancy.
-
HIPAA-Health Information Portability and Accountability Act
Nowhere are compliancy standards more prevalent than in the healthcare arena. Whether it is the protection of Personal Health Information across system boundaries, or applying audit controls to the disclosure of that information, GlobalWatch Technologies provides the expertise needed for your organization to maintain its compliancy.
-
GLBA-Gramm-Leach, Bliley Act
Also known as the Financial Modernization Act of 1999, the GLBA stresses the privacy and confidentiality of personal financial information. GlobalWatch Technologies assists your organization in assessing their current compliancy posture and recommending and implementing the necessary controls to assure your compliance.
-
FISMA-Federal Information Systems Management Act of 2002
Federal Government Agencies are required to secure their Information Systems for face budget repercussions under FISMA. Contractors to the Federal Government who house or maintain federal data are also required to comply with FISMA. GlobalWatch Technologies, through it’s assessment, security technologies and integration, and management practices, ensures compliancy for your agency or organization.
-
Certification & Accreditation
GlobalWatch Technologies has an excellent C&A practice that utilizes skilled personnel with a long history of C&A on federal systems for many different agencies.
-
HSPD-12-Homeland Security Presidential Directive-12
GlobalWatch Technologies is uniquely positioned to assist agencies with HSPD-12 plans and implementation. We leverage our expertise in identity and access management and physical security to create actionable programs.
-
New and Pending Compliance Legislation
Several new forms of legislation are in process targeting the prevention of identity theft, many with severe financial penalties for privacy data compromise. GlobalWatch Technologies follows this legislation closely and can help your company stay in compliance once enacted.
Application Vulnerability Assessments
Code Design & Review
GlobalWatch Technologies’ expert software engineers and architects assess your current applications as well as projects in development for security posture and overall attack surface.
Implementing Security Into the Software Development Life Cycle
GlobalWatch Technologies assists your development groups with implementing a security component into their software development life cycle.
Vulnerability Assessments for Applications
By focusing on the application architectures and methodologies, GlobalWatch Technologies helps eliminate current and future vulnerabilities that could be exploited in your applications.
Penetration Testing for Applications
GlobalWatch Technologies takes vulnerability assessments to the next level on beta and production applications. By doing an in-depth penetration test on applications, organizations can see currently exploitable weaknesses in their applications and fix them before they become a legitimate liability or cause a measurable loss to the organization. It also serves as a learning experience for internal development groups to see exactly where their code is weak from a purely objective security standpoint.
Remediation Services
GlobalWatch Technologies not only discovers problems in applications and systems, we can recommend expedient measures to shore up the security posture of applications. We recommend appropriate remedies for issues found or do the actual implementation and shoring using our own software engineering group.