DSS provide a wide range of Security offerings and consulting services around developing policies and standards around security for your organization. These offerings are outlined below.
Policy Development
A security policy is the foundation to all security within an organisation and is based on defined, repeatable processes, which are constantly enforced. We undertake a gap analysis of existing policies & standards and may propose enhancements to those that may have become out-dated. Where necessary, we assist in the development of new policies and procedures where we establish the value of your information assets, identifying levels of vulnerability and determine how you respond if those resources are compromised.
Security Awareness
Your security policy should be incorporated into your business control processes, so that, on a practical day-to-day basis your users understand your security organisation. DSS will work with you in defining the most appropriate security awareness policies such as the use of intranet sites, posters displayed around the physical offices, computer usage guidelines etc.
Standards Development
DSS provide security services around developing standards around an organisations IT infrastructure. We review and analyse your IT environment in the context of the roles and intended applications of your technology. Through the establishment of these standards, it will be possible to audit systems to determine your compliance.
Standards development will generally cover:
- Firewalls
- Anti-virus software
- Passwords
- Desktops
- Laptops
- Servers
- Active Directory, Linux, Microsoft, Novell
Systems Hardening
Our goal is to equip our customers with the skills necessary to secure their existing infrastructures. We also provide assistance with the implementation of security technology where systems have been installed below acceptable standards.
Carrying out OS security enhancements, also known as systems “hardening”, involves modifying standard systems security settings to enhance their security controls in order to minimise known “technical risks” or risks based on weak user access controls.
We review and analyse your specific security requirements for the host with consideration for the application and services intended for the server. We develop the build specifications, and implement the server hardening of the operating system incorporating best practices. We do this while integrating your business, technical, and application requirements to achieve the optimum secure system.
Hardening is carried out in a controlled environment where configuration information is documented to build specification. Having tested the server, instruction is given on how to maintain the hardened server and the final documentation is presented.
Using Active Directory, DSS will work with you in applying the relevant security settings consistently and securely across the network for all your servers.
Patch Management
With the ever growing increase in the number of security fixes and patches required for software released to market, making decisions on which apply to your systems, and the methodology used to apply them can be a difficult and time-consuming activity for many companies.
DSS provide services around patch management in which we can work with an organisation to define the policies and procedures in relation to the distribution of patches within an organisation.
DSS can also provide implementation services around Microsoft’s SUS server, a solution that provides the ability to have automated patch management services carried out across an organisation.