data and customer information begins with protecting your computing environment,
preventing compromises of the systems - security management. Its goal
is to protect the integrity of the sensitive and critical data that resides
on those systems. Our Information Assurance Program is about preserving
cover the daily requirement of retaining the information you and your
institution relies on to do business. They also involve the ongoing task
of understanding how to better protect that data and the confidence of
recovering it in a disastrous situation.
Retention & Recovery
One of the keys to a successful data retention program
is to develop policies and procedures to define critical data/devices,
when and where that data is stored, and the life cycle of those storage
devices/media. Cornice has developed and maintained procedures around
the many technology choices available, balancing reliability and life
cycle with expense.
key element to any program is to test the integrity of the data backups
and the ability to perform a successful restore from it. All too often
processes are put in place and followed, only to forget the main purpose
of retention; recovery. Our program includes periodic system and data
restores to validate the backups being performed. These tests not only
provide peace of mind, but also meet the best practices that federal regulators
A Vulnerability Assessment is a risk management process that outlines
the potential threats, areas of security weaknesses, and attempts to provide
recommended remedies to the extent that they are available and feasible.
It's the first step in protecting your customers and your institution.
provides comprehensive network scans and plain-English management reports
to enable you to not only manage the identified risks, but also make informed
decisions about mitigating them.
Not to be confused with a Vulnerability Assessment, penetration testing
involves deliberately staged attacks on your network to validate vulnerabilities
discovered during an assessment and/or the steps taken to close those
potential exploits. A security professional from Cornice will periodically
launch focused attacks on your network or specific systems to attempt
to compromise or disable network services. As a component of our Information
Assurance Program, it serves as a tool to enhance preventive measures
against possible threats.
Once you have identified vulnerabilities, discovered hacker signatures
in your log files, or even as a result of responding to a security incident,
steps should be taken to close those potential exploits.
highly-skilled engineers will work with you to review the vulnerabilities
and analyses to determine the best course of action. As a component of
this program and our security first approach, system hardening is an ongoing
and pro-active task.
A comprehensive Information Assurance Program will include the preventive,
detective, and corrective services as described by the Cornice Security
Management Program. This combination will serve to best prevent a compromise
and will prepare your organization to respond under critical circumstances.
Combined, the components of Information Assurance deliver a complete package
to ensure the integrity of your critical data. They also satisfy many
aspects of privacy regulations and contingency planning.
have engaged us to perform each of these program components separately
and collectively. In order to satisfy a classification as an independent
third-party in Vulnerability Assessments, it is necessary that Cornice
is not managing the network prior to the assessment process. It is reasonable
for our security professionals to perform ongoing informal assessments
to harden those systems and to minimize the number of vulnerabilities
uncovered in a more formal independent audit.