First Gate Consulting (FGC) helps companies, regardless of size, identify, prioritize, and manage security weaknesses and threats. Our business is helping you protect your information and IT assets from hostile outsiders and trusted insiders with policies, procedures, and the technology products to support them.
Using a systematic process, FGC follows a practical 3-step approach to build a secure business environment:

  • Think the business and network for vulnerabilities
  • Build and remediate identified weaknesses
  • Manage risks through a security program

Think the business and network for vulnerabilities

You would not start to take medication or let a doctor perform an expensive, risky procedure on you without a current physical or even a second opinion, would you? Therefore, we will begin the process to protect your networks by assessing what is at risk, what is vulnerable, or what is truly important. Unfortunately, many companies spend too much money on unnecessary security technology, miss the simple things, and virtually leave their networks wide open. It is often worse than when they started.

First Gate Consulting (FGC) believes in assessing an environment before prescribing how to fix it. Our line of assessments represents the entry-level phase of FGC's security process model, which gathers the current state of information security and makes recommendations that will assist a company in achieving basic protection levels. It is upon this foundation that all future information security management activities will be built.

All of our assessments follow a similar, systematic process. FGC uses a variety of automated commercial and open-source scanning tools, technical reviews and observation to determine the current state of network vulnerability. We also review the policies, processes, standards, guidelines and other operational elements that govern the client environment. Recommendations are made to quickly correct the symptoms, mostly caused by technical vulnerabilities, while longer term investments can be made to improve and maintain the overall management framework.

Assessment Services

  • Enterprise Security Assessment
    Comprehensive evaluation of security posture from an external AND internal perspective, including an in-depth evaluation of a client's security architecture, policies and procedures, threats and vulnerabilities, and technical security controls and mechanisms.
  • External Vector Assessment
    Comprehensive evaluation of security posture from an external ONLY perspective, including an in-depth evaluation of a client's security architecture, policies and procedures, threats and vulnerabilities, and technical security controls and mechanisms.
  • Internal Vector Assessment
    Comprehensive evaluation of security posture from an internal ONLY perspective, including an in-depth evaluation of a client's security architecture, policies and procedures, threats and vulnerabilities, and technical security controls and mechanisms.
  • Threat Assessment
    Identify network security threats (e.g. malicious traffic) that are entering and leaving the organization.

Build and remediate identified weaknesses

Using the information gained through the initial assessment phase, the improvement phase is focused on building a baseline security posture to remove high risk vulnerabilities and to provide a foundation for future improvements. Security program elements can be clustered into four distinct areas: People, Policy, Process and Technology.

The dynamic ties between people, policy, and process have tremendous impact on any organization's security program and are the most likely points of weakness found in an initial assessment.

People

In many organizations, people are typically the weakest link in securing the network. Properly educating and maintaining awareness within both technical and user staff is crucial to a security program. Users need to understand what the organization values (policy), how to do their job within a secure framework (process), as well as the risks that are at stake. Technical staff need to understand these things as well as how their day-to-day activities support the company security program.

Policy

An organization defines its values in policy documents. Policy answers questions regarding the sensitivity and ownership of company information, acceptable or expected norms of behavior and appropriate use of company resources. Good policy is usually technology independent, recognizing that while technologies rapidly change, values do not.

Process

Processes define the actions to be taken to meet corporate policy. Processes guide staff through the proper ways of contributing to the security program. Processes can be technical and may change as technology changes.

Depending on the results of the initial assessment, First Gate Consulting (FGC) can assist with the following People, Policy and Process areas:

  • Information Security Policy Development
  • Information Security Procedure Development
  • Information Security Standard Development
  • Technical Process Development
  • Security Awareness Training

Technology

FGC can help organizations implement numerous security technologies, and the critical processes required to achieve risk and cost reduction goals, including:

  • Infrastructure, Firewalls and Perimeter Security
  • Server and OS hardening
  • Intrusion Detection, Prevention and Response Systems
  • Centralized Log Management
  • Wireless Security Solutions
  • Compliance Solutions

Manage risk through a security program

First Gate Consulting (FGC) can take on a portion of your security program, help you find an outsourced service or prepare you to take on the task with the goal of increasing your productivity. We can customize our services to meet and support your needs in many security areas.

We offer the following services:

    • Periodic Security Health Check
      FGC repeats the vulnerability scanning processes periodically (e.g. monthly or quarterly) to help you measure improvements in the security program and prevent new vulnerabilities from exposing your network.
    • Incident Response and Recovery
      FGC can assist you in the event of an attack or incident. We will help you quickly gather evidence and rebuild the affected systems, where appropriate, to return your network and services to normal condition.
    • Technical Staff Mentoring
      Because many talented technical staff or administrators already have some basic security skills, FGC can provide them with some coaching and support alongside your technical team to help them become security experts in your company.
    • Project Review and Consultation
      FGC offers its expertise in the planning and design phases of information technology projects to ensure that information security is considered and implemented from the beginning of any project, reducing both cost and time.
    • Security Metric Reviews
      FGC strongly recommends that you create security metrics, which should be specific, measurable, and have attainable objectives, that will help you characterize the health of the security program. FGC offers to periodically review these security metrics with your staff as a management service.

“Firstgate Consulting has designed strategic services to help you fill the gaps in your information security program, using a proven engagement methodology to meet your business and risk management goals.”

 
 
Copyright (c) 2009. Firstgate Consulting Co.,Ltd. All rights reserved.