PROGRAM OVERVIEW
Securing sensitive data and customer information begins with security
management: protecting your computing environment and preventing compromises
of its systems. Its goal is to protect the integrity of the sensitive and
critical data that resides on those systems. Our Information Assurance
Program is about preserving your data.
These services cover the daily requirement of retaining the information you
and your institution rely on to do business. They also involve the ongoing
task of understanding how to better protect that data, and the confidence
that it can be recovered in a disastrous situation.
Data Retention & Recovery
One of the keys to a successful data retention program
is to develop policies and procedures to define critical data/devices,
when and where that data is stored, and the life cycle of those storage
devices/media. Cornice has developed and maintained procedures around
the many technology choices available, balancing reliability and life
cycle with expense.
Another key element of any program is to test the integrity of the data
backups and the ability to perform a successful restore from them. All too
often processes are put in place and followed while the main purpose of
retention, recovery, is forgotten. Our program includes periodic system and
data restores to validate the backups being performed. These tests not only
provide peace of mind, but also meet the best practices that federal
regulators look for.
Vulnerability Assessments
A Vulnerability Assessment is a risk management process that outlines
potential threats and areas of security weakness, and attempts to provide
recommended remedies to the extent that they are available and feasible.
It's the first step in protecting your customers and your institution.
Cornice provides comprehensive network scans and plain-English management
reports to enable you to not only manage the identified risks, but also make
informed decisions about mitigating them.
Penetration Testing
Not to be confused with a Vulnerability Assessment, penetration testing
involves deliberately staged attacks on your network to validate vulnerabilities
discovered during an assessment and/or the steps taken to close those
potential exploits. A security professional from Cornice will periodically
launch focused attacks on your network or specific systems to attempt
to compromise or disable network services. As a component of our Information
Assurance Program, it serves as a tool to enhance preventive measures
against possible threats.
System Hardening
Once you have identified vulnerabilities or discovered hacker signatures
in your log files, or as a result of responding to a security incident,
steps should be taken to close those potential exploits.
Our highly skilled engineers will work with you to review the
vulnerabilities and analyses to determine the best course of action. As a
component of this program and our security-first approach, system hardening
is an ongoing and proactive task.
The TOTAL Solution
A comprehensive Information Assurance Program will include the preventive,
detective, and corrective services as described by the Cornice Security
Management Program. This combination will serve to best prevent a compromise
and will prepare your organization to respond under critical circumstances.
ENGAGEMENTS
Combined, the components of Information Assurance deliver a complete package
to ensure the integrity of your critical data. They also satisfy many
aspects of privacy regulations and contingency planning.
Clients have engaged us to perform each of these program components
separately and collectively. To be classified as an independent third party
in Vulnerability Assessments, Cornice must not be managing the network prior
to the assessment process. It is reasonable for our security professionals
to perform ongoing informal assessments to harden those systems and to
minimize the number of vulnerabilities uncovered in a more formal
independent audit.