IT System Secure Layout Support

Reducing IT system security risks by introducing appropriate security layout and configuration

Service Outline

[Supporting system development to meet both business needs and security requirements]

An Infosec consultation on the secure design of an IT system supports integrating security into the information system, or reviews its specifications, while the system fulfills its business requirements, at every stage of the information system development life cycle (SDLC) from "planning and requirements" to "detailed design".
Integrating security in the early stages of the SDLC costs less than adding security to information systems already in operation.

Infosec Strengths

[Multifaceted approaches from diverse experts]

A security review in each phase of the SDLC is an effective way to reliably protect assets, ensure that strategic, multilayered security performs soundly, and reduce developer rework.
This service is provided, with a multifaceted approach, by professionals with CISSP certification, ISMS inspectors, vulnerability assessment technicians, and developers with experience in large-scale systems.

[Practical measures backed by years of experience]

As a provider of comprehensive information security solutions, Infosec offers practical security measures proven over years of experience. We do not limit our support to the comprehensive security measures that our products and our partners' products provide. We also advise you on the measures the target system requires from the standpoint of overall information security.
For some general security configuration items, such as network configuration layout, access control layout (ACL), and access authority layout (authentication and authorization), a setting policy close to the actual configuration values can be defined.

[Flexible response from document review to the review of actual setting values]

At the early stage of defining requirements, the security review mainly involves assessment and advice through document review.
For a review during the detailed design stage or when finalizing the design, or when considering partial expansion or replacement of a preexisting system, our assessment can include settings (configuration files), ACL information, and log data that will be used in the actual system. (Please inquire about setting ranges.)
By reviewing the layout and setting values from the perspective of a security expert, we can eliminate unintended layouts and unnecessary risks and raise the level of IT system security. For example, for customers considering modifying firewall configurations and changing equipment models, we perform an impact assessment of the changes by borrowing and evaluating the actual before/after ACL settings.

Deploying the Service

[Upon request, we interview staff and support (via assessment and recommendations) the document review and setting review]

  • From Inquiry to Proposal
    • General hearing regarding the target IT system
    • Defining customer goals, needs (issues), and the scope of both
  • Service Deployment (Providing Support Work)
    • Interview (designers, developers, and other parties involved)
    • Document review (definition of requirements, design specifications, etc.)
    • Setting values review (ACL definition, network configuration, etc.)
    • Organizing review results, and adjusting measures policy accordingly
  • Report
    • Creating reports
    • Delivering reports at meetings (as necessary)
    • Q&A by phone or e-mail

Sample

[Sample report of ACL equivalence evaluated for large-scale network configuration changes]

Sample report of an ACL equivalence assessment for large-scale network configuration changes

Sample report evaluating firewall ACLs from the point of view of targeted attack measures (internal measures)

Sample report 2 evaluating firewall ACLs from the point of view of targeted attack measures (internal measures) (report image)

Service track record

[Case Study (1)]

We offer the following support for customers considering configuration changes and firewall replacement in large-scale networks.

  • Evaluation of, and suggestions for improving, firewall ACL equivalency before and after the configuration change
  • Risk assessment and improvement recommendations based on configuration changes in the network

[Case Study (2)]

For customers considering deployment of single sign-on among company-owned Web sites, we offer the following assistance (including needs assessment).

  • Review of, and improvement proposals for, the validity of the method used to inherit authentication states
  • Review of, and improvement proposals for, the validity of the authorization range following a transition between sites

Service deployment price

Prices vary depending on scale and complexity of the IT system requiring support. Please contact us for details.