 |
 |
|
| Accountability MBS proven control strategy design techniques and patented control plane technology level the playing field against the complexity and accountability of IT security and compliance demands. Security To develop an effective security program, an enterprise must consider the magnitude of the control dilemma for any sizable network of systems. Every system has literally thousands of objects, and each object has multiple attributes to protect or configure. Many of the objects are modified through normal use; some are even “self-modified” by the operating system itself over time. There are multiple avenues of intrusion through this changing morass of objects, seemingly limited only by the creativity and dedication of the intruder. As new weaknesses in the systems are identified, new objectives must be incorporated into a security program and the program must be accurately implemented across multiple populations of systems. The Managed Baseline Solution Service Package of BCC designs and develops a control framework that can model an enterprise security plan to the byte level and report any deviations to administrative personnel. Immediate response, even automated response, can be made remotely to any deviation through the MBS technology. All detected deviations and corrective actions are logged providing a complete system change history to assist in the forensic analysis of any security incident. Changes in cyber security policies are quickly implemented through the ongoing MBS Technical Services of the MBS Service Package with minimal time or resource drain on the IT technical staff. Once implemented, the administration of the security program can be tracked and managed to continually improve protection, shore up weaknesses and globally coordinate IT security policy changes. The 24/7 alert component for key security events in an enterprise is a pivotal security program element. Early notice of irregularities that cross a defined threshold of attention can help avert subsequent system and production impact. The MBS control solution provides a real-time status of the actual security configuration for every system with special notification actions programmed into the control strategy. Significant trends in configuration management as well as system integrity metrics can be viewed directly by management. There is obvious value in being able to dialogue about the specific effectiveness and the extent of implementation of security measures via the completeness of this security program status report. Perhaps even more valuable, the manager receiving a StatePointPlus-based report is better able to give an effective, understandable report to the management level above. IT management is also better able to defend further investments in security when there are clear security implementation and control metrics that can demonstrate the real-world value of past investments. The Call for Proof - Compliance An increasing array of regulatory requirements is now calling many industries to an even higher level of information and process control. Complying with industry regulations requires not only establishing the necessary controls but providing evidence of ongoing, systematic application of these controls. This presents a need to establish a continual audited pedigree for every computer system in the enterprise. The Managed Baseline Solution Services of BCC design and implement a control framework in your enterprise with which standards can be enforced in critical software components and operating systems while easily accommodating a healthy diversity among computers. Regulatory requirements for data integrity, file access and system baseline maintenance can be explicitly defined and enforced. Using the open scripting interface of StatePointPlus, any circumstance or set of conditions that are detectable can be incorporated into the main console, giving unlimited flexibility to defend compliance areas. The BCC Managed Baseline Solution automatically audits and documents enterprise software and hardware inventory, provides a record of regulatory compliance, records key administrator actions, verifies operating system and application migration, and provides a status of the reliability of enterprise processes and services. With a unified, comprehensive control framework an enterprise can have proof of compliance to regulatory requirements, production standards, corporate policies, and security requirements that is automatically generated as a byproduct on the control processes themselves. This automated documentation also facilitates on-going IT staff diagnosis and trending of system problems. Managed Baseline Solution Services designs and develops control frameworks that can accommodate any set of industry regulatory requirements and best practices including SOX, HIPAA, PCI, ISO 17799/BS 7799 and a suite of compliance strategies utilizing NIST-STIG as the template design criteria. The control framework that is formulated and implemented for our clients are customized to the needs of their organization by incorporating requirements derived from existing organizational policies, unique production needs, targeted IT support needs, special security needs or other control strategies derived for specific purposes. |