Planning

...an ounce of prevention

An active security program must incorporate:

• A coherent and explicit security policy
• Personnel security policies and procedures
• Systems security processes and procedures, including such elements as:
  • incident reporting
  • strong configuration management (CM)
  • access control
  • confidentality control
  • integrity control
• Technical controls such as identification and authentication, data validation, encryption, log file monitoring, change control monitoring
• Non-public user training and awareness
• Business continuity and disaster recovery
• Automated intrusion detection and reporting
• An ongoing risk assessment/remediation process
• Certification documentation

Fulcrum works up front with its customers to develop an active security plan. Elements of a plan include the following:

• Strategy development
• Policy development
• Operations planning
• Disaster recovery planning
• Critical infrastructure protection planning
• Enterprise-wide security strategy
• Information flow analysis
• Indications and warning methodology
• Preparedness and incident response
• Resource acquisition
• Cost estimating and analysis
• Performance measurement
• Cost/benefit analysis
• Technology assessments