[Support to deploy additional security measures to systems in operation]
As the critical importance of IT systems grows daily, so does the volume of targeted attacks, internal fraud and other security risks from which IT systems need to be defended.
IT systems in operation now may not have given such security risks enough consideration in the initial risk projection, and this often becomes one of the factors resulting in the increase in security incidents regardless of business model or corporate scale.
Through our service supporting additional measures for IT system security, we assist with the deployment of additional security measures in cases where a system in operation requires an urgent upgrade as a result of a security incident. Infosec gathers information about the background of the security incident, business requirements, current security measures in place and ACL settings from interviews and review of design documents (or review of actual settings) to propose a security measure deployment plan that takes lead time, cost-effectiveness, and migration to a next-generation system into account.
[Practical measures backed by years of experience]
Providing a comprehensive information security solution, Infosec offers practical security measures proven successful through years of experience. We provide prompt reviews and advice on interim measures as needed and formulate effective and fundamental measures to prevent incident recurrence.
We formulate measures by providing the optimal introduction plan (roadmap) given current business requirements, network structure, and the priority of measure introduction based on whether there are plans to replace the system.
A setting policy close to actual configuration values can be set for some of the general security configuration items such as network configuration layout, access control layout (ACL), and access authority layout (authentication and authorization).
[Flexible response from document review to the review of actual setting values]
In our assessment, the actual system settings (configuration files), ACL information, and log information can be considered as subjects of evaluation in addition to document review of design specifications and staff interviews. (Please contact us for details about the scope of this service.)
Reviewing design values and setting values from a security technician's point of view enables us to efficiently track incidents and preventative measures in a format aligned with actual conditions and raise the security standard of the IT system. For instance, we can ensure that there are no unexpected permission rules by evaluating a system's actual ACL to ensure targeted attack measures are applicable for the customer's.
Deploying the Service
[Upon request, we interview staff and support (via assessment and recommendations) the document review and setting review]
Inquiry to Proposal
- General hearing regarding the target IT system overview
- Defining customer goals, needs (issues), and the scope of both
Service Deployment (Providing Support Work)
- Interview (designers, developers, and other involved parties)
- Document review (definition of requirements, design specifications, etc.)
- Setting values review (ACL definition, network configuration, etc.)
- Organizing review results and adjusting measures policy accordingly
- Creating reports
- Delivering reports at meetings (as necessary)
- Q&A by phone or e-mail
[Sample report for assessment of access control design (firewall ACL) from the viewpoint of measures to prevent targeted attack (internal and exit measures)]
Service track record
In response to the increase of targeted e-mail attacks, we offer the following assistance for customers considering the necessity of deployment of so-called internal measures and exit measures.
- ACL assessment of internal communications and system communications with the Internet
- Assessment and improvement recommendations for all ACL from the point of view of internal measures and exit measures
- Assessment of corporate network configuration
- Assessment and improvement recommendations for network division, configuration, and access control from the point of view of internal measures and exit measures
- Review and recommendation of additional measures to improve resilience against targeted email attacks
Prices vary based on scale and complexity of the target IT system as well as the scope of support required. Please contact us for details.
This service is an extension of IT System Secure Design Support that customers receive when an IT system is designed, and is positioned among our services as an emergency assistance service for systems in operation. Please refer to the IT System Secure Design Support introduction page.