Examine existing infrastructure design for weaknesses and existing operational controls to determine if they are adequate to protect information assets and if they are being followed on a day-to-day basis.

Information Risk Assessment – an in-depth evaluation of the existing Risk Management process to determine if it is adequate to protect business assets and complies with regulatory requirements.

Security Policy and Procedure Review– verifies policies are comprehensive or identifies areas requiring improvement and reveals gaps between operational controls and those mandated by existing policies.

Architectural and Firewall Review– includes examination of network topology, rulebases and device configuration along with first hand observations and direct questioning to determine adequacy of existing controls.

Physical Security Review– identifies areas of security risk around and within the facility and examines processes for gaining physical access to restricted locations.

Social Engineering Assessment – uses means such as lies, impersonation, and subversive access attempts to test the strength of a existing policies, staff training, and technical controls.

IT Controls Assessment– identifies relevant systems and processes, determines the effectiveness of existing controls and practices, and comments on Quality of Risk Management and Aggregate Risk.

Intrusion Detection & Intrusion Prevention Systems – testing to verify the system is working properly and response complies with stated procedures.

Whether responding to an information security incident, developing compliant policies or assisting in the development of a security strategy, SMP offers a variety of security experience in preventive, detective, and corrective services.

Incident Response – helping organizations develop incident response plans, provides experts to minimize damages, preserve evidence and investigate root causes of a computer incident.

Forensics – with investigative protocol derived from stringent law enforcement standards, we work with an organization to achieve the proper retrieval of evidence and perform analysis of data to be used as evidence in a court of law.

Security Advisory Program – the dedicated “Security Advisory Team” offers an on-call resource to field questions and propose solutions related to technologies, network topology best practices, and regulatory compliance issues.

Security Policy Creation – customize security policies that are relevant to an organization, are compliant with regulatory requirements, and address the business objectives of the organization while operating within its cultural boundaries.

DR/BCP Development and Assessment – evaluate the existing plan’s ability to prepare and respond to disasters, accidents, and tragedies and return to operations as normal with minimum downtime or develop a plan if none exists.

The need to protect customer and company data grows increasingly important. Maintaining reputation and avoiding costly legal battles are just two critical concerns. Today, organizations must not only identify and stop improper use of information and systems, they are often challenged to investigate further to obtain digital evidence. Such investigations demand specialized skills that often exceed in-house expertise. Providing the forensic expertise necessary to appropriately collect and examine key electronic evidence.