Information Risk Management & Security
“It is all about what you know and then what you do with that information that is important, because what you do not know and are doing nothing about is what will hurt you.”

Over the past 10+ years, information security has morphed from a “Moat & Castle” single-point-of-entrance technology protection model to a multi-entrance “Shopping Mall” model focused on securing the business process. In short, we have witnessed the rapid disappearance of the traditional perimeter defense model as we know it. Has the perimeter really disappeared? No, but with the constant introduction of new technologies (e.g. cell phones, wireless, broadband connections, high-powered PCs, iPods, USB storage devices, PDAs, kiosks, etc.) it is difficult to know exactly where the end-points are. The proliferation of valuable information stored on Internet-accessible systems, regulatory actions, internal users and organized crime have made security a daunting task indeed.

This explosion of technology, privacy concerns and fear of breach has led to the creation of security organizations and numerous regulations across all industries, has promoted “Security Managers” to C-level positions (i.e. CISO), and has acquired consumer and Board of Directors visibility. Today security is not an option but a required cost of doing business. Information has become a second currency, requiring the same focus to secure it as money. Information Security roles exist for one reason today: to lead the discipline of building security controls into the process up front and to institutionalize it as a natural function of doing business. Successful execution requires dedicated focus, oversight, certified expertise and knowledge. Corporations need professionals with the ability to understand the business problem and then apply the right balance of security controls to enable sustainable success without impacting business productivity. This is where MasterLink’s Information Risk Management & Security team of industry-certified experts, with experience sitting in the security leader’s chair, can partner with you to achieve success in this tremendous effort.

We achieve the CIA triad of Confidentiality, Integrity and Availability via our certified Holistic Information Security Practitioners (HISP). We leverage the “Plan, Do, Check, Act” model of the ISO/IEC 17799:2005 control framework as the foundation towards achieving your risk/security goals. The HISP approach provides us the ability to enhance the foundational model with other appropriate control standards like ITIL, NIST, CobIT and COSO to provide a holistic solution. By taking a holistic approach, we better understand the real problem, which enables us to deploy the right solution versus more costly pointed solutions.

• Information Risk Management & Security Methodology using ISO/IEC 27002:2005:
PLAN
• Establish the Information Security Management System (ISMS)
DO
• Implement and Operate the ISMS
CHECK
• Monitor and Review the ISMS
ACT
• Maintain and Improve the ISMS

MasterLink offers the following Information Risk Management & Security Services: