Planning

...an ounce of prevention

An active security program must incorporate:

  • A coherent and explicit security policy
  • Personnel security policies and procedures
  • Systems security processes and procedures, including such elements as:
    • incident reporting
    • strong configuration management (CM)
    • access control
    • confidentality control
    • integrity control
  • Technical controls such as identification and authentication, data validation, encryption, log file monitoring, change control monitoring
  • Non-public user training and awareness
  • Business continuity and disaster recovery
  • Automated intrusion detection and reporting
  • An ongoing risk assessment/remediation process
  • Certification documentation

Fulcrum IT works up front with its customers to develop an active security plan. Elements of a plan include the following:

  • Strategy development
  • Policy development
  • Operations planning
  • Disaster recovery planning
  • Critical infrastructure protection planning
  • Enterprise-wide security strategy
  • Information flow analysis
  • Indications and warning methodology
  • Preparedness and incident response
  • Resource acquisition
  • Cost estimating and analysis
  • Performance measurement
  • Cost/benefit analysis
  • Technology assessments