Montani Solutions, LLC

IT Security and Compliance

Consulting, Assessments, Audits, Reviews, Training

Expert assistance in keeping your IT resources as secure as the mountains.

© 2008 Montani Solutions, LLC

webadmin@montanisolutions.com

Security Awareness / Training / Education

Security awareness is the foundation of an organization’s security efforts where its people are concerned. Montani Solutions can help enable your staff to be partners in your security efforts.  When end-users are not educated, they can easily be victims of ‘social engineering’ - divulging confidential information to unauthorized parties.  And protective technology, such as passwords, is virtually useless when people do not use it properly.  Security awareness can be initiated by seminars, reminders and newsletters.  Training your staff comes after awareness, and involves building knowledge and skills in how to properly follow the policies and procedures, use the technologies, and protect the organization’s information.

Information Security (INFOSEC) Assessments

An Information Security (INFOSEC) Assessment provides your organization:

· Determination of which information is critical

· Identification of the systems that process, store, or transmit that critical information

· Determination of the proper INFOSEC posture for these systems

· Identification of potential vulnerabilities

· Recommendation of solutions to mitigate or eliminate those vulnerabilities

NSA and commercial information security assessors developed the INFOSEC Assessment Methodology (IAM) as a detailed and systematic way of examining cyber vulnerabilities.  IAM is a high-level, non-intrusive process for identifying and correcting security weaknesses in information systems and networks.  Montani Solutions uses its INFOSEC analysis skills along with the IAM to provide a standardized assessment service for your organization that meets federal requirements.

Information Security (INFOSEC) Evaluations

An Information Security (INFOSEC) Evaluation provides:

· A detailed analysis of the information systems in your organization

· A repeatable measure of the vulnerabilities within your technical infrastructure.  Subsequent evaluations can show progress in improving security.

· Recommendations for the organization on how to eliminate or mitigate those findings

The INFOSEC Evaluation Methodology (IEM) is intended for technical evaluations conducted as a follow-on to, or in conjunction with, the IAM process.  It is a cooperative, hands-on, standard process for conducting evaluations of governmental and civilian networks using common technical evaluation tools.  It is an easily repeatable methodology that can provide a customer with a roadmap for addressing its security concerns and improving its security posture.

Security Specifications & Reviews for IT / Web-Based Applications

Many organizations are adding web-based access to their existing systems, or are developing new applications.  Those systems must have integrated functions to ensure the security of  the data they hold.  Frequently, software developers of those systems require explicit specifications of the needed processes.  Montani Solutions has experience in reviewing the security requirements of the data being processed and stored, developing the detailed specifications for the security-related functions, monitoring their inclusion in the system, and testing that they function as intended.

Compliance Planning and Reviews (HIPAA, FERPA, GLBA, SOX, etc.)

IT’s role in compliance is undeniable, but many organizations have yet to engage in a real dialogue about how IT can help streamline compliance programs and create efficiencies that can have long-lasting business value.  What are the major IT issues that underlie compliance, risk management, and governance programs?  From Sarbanes-Oxley to FERC, from privacy laws to records retention litigation,  Montani Solutions can deliver concrete, useful recommendations that translate into IT strategies, processes, and policies for building strong and sustainable compliance programs that support and strengthen your business efforts.

Computer Incident Handling — Preparation, Identification, Containment, Clean-Up

Every organization that uses IT facilities to support its mission will be faced with a computer incident or emergency—sooner or later.  It may be cyber theft by an outsider or insider; a mass virus outbreak that infects key servers or all PCs; fire or physical damage to key IT systems; unintended disclosure of confidential information; or inappropriate / illegal use of the organization’s IT resources.  Properly addressing these events is an activity that should be led by trained INFOSEC professionals that most medium and small-sized organizations do not have on their staffs.  We can assist you in preparing for these inevitable events.  And when they occur, we can lead the efforts to handle the situation appropriately.

RFP Preparation & Bid Evaluation for Security Technology and Services

If your organization is planning to acquire an enterprise-wide security system or service but doesn’t have the knowledge to develop the technical RFP or evaluate the bids, we can help you.  Our principals have experience in developing formal RFPs and evaluating technical proposals and bids for systems such as firewalls, anti-spam services, etc.

General IT Project Management

With years of experience in various aspects of providing services besides IT Security, Montani Solutions can also manage general IT projects from requirements through implementation for organizations that need this service.  We can be your representative in coordinating IT projects.

Evaluation and Recommendation of Security Technology and Services

Does your organization need assistance in evaluating enterprise-grade security-related technology or services?  That includes firewalls and other security appliances, anti-virus and related software, intrusion detection and/or protection systems, anti-spam systems and services, web-hosting facilities, SSL certificate authorities, consulting firms who perform penetration tests, forensic investigations and other highly specialized services.  The principals at Montani Solutions have experience in performing both formal and informal evaluations and recommendations.

General IT Security Consulting

Perhaps your business or organization needs someone to augment your existing IT security staff, an ‘outside expert’ to review a proposal or plan, or an IT security professional on retainer to call for those unanticipated events.  Montani Solutions will customize an approach to address your organization’s individual needs, while following established methods and best practices.

Montani Solutions can assist your organization, no matter what its size, in ensuring that your computer systems are as secure as a mountain. Our personalized approach brings broad-based technical knowledge and experience to reviewing your systems, identifying vulnerabilities and recommending solutions to protect the information that you rely on for success in your mission.   Using  accepted methodologies and industry best practices, we will provide your organization...

Services

Security and Conformance Audits—Networks, Perimeters & Systems

Your organization has policies, procedures, staff training and technology in place to protect its IT resources.  But how can you be sure that they actually work as needed?  A security audit answers that question by measuring actual practices against established standards.

Depending on your needs, we can perform a conformance audit, a security audit, or a customized combination.  A conformance audit measures how well a system or process conforms to the policies and/or procedures that have been defined by an organization.  A security audit measures policies, procedures or audits themselves against industry best practices to determine if there is a need for improvement across multiple systems or applications.

Review & Development of Security-related Policies, Standards, Procedures & Guidelines

The cornerstone of effective IT security protection is having established policies, procedures and standards for the organization to follow.  A security policy establishes at a high level what must be done to protect information stored in the IT resources.  An effective policy also protects people by allowing people to take necessary actions without fear of reprisal.  Security policy compels the safeguarding of information, while it reduces or eliminates personal liability for employees.  The most common example is an Acceptable Use Policy.  A security standard is a more detailed statement of specific requirements that must be met by everyone.  Procedures establish how those policies and standards are to be followed.  And guidelines are collections of recommendations for best practice.

Even though there are components that should be in all security-related policies and standards, they must be customized to the needs of each organization.  We can review your current statements, and help you update or write them to meet today’s environment.

Review & Development of IT / Information Security Strategies and Plans

In IT security, like any effort we undertake, we need to have a reason for undertaking the effort, a plan for enacting the effort, and a process to use for completing the effort.  Combined, these three things make up our strategy.  If your security efforts are to be successful you need to have a strategy for making them a success.

The strategy sets the plan of action for the security efforts, addressing three basic items:

· Where we are going

· How we plan to get there

· How the plan and efforts to improve security will support the overall organization

Contact Montani Solutions to discuss improving the security of IT resources at your organization.

(301) 840-1621

Info@MontaniSolutions.com

Examples:

· Developing Applications

· Testing Applications

· Deploying Applications

· Data Conversions

· System Installations