How do I contact ISO Security Solutions?
Click here
Sales (Product and consulting services)
E-Mail: sales@isosecuritysolutions.com
Voice: (Toll free) 1-866-207-3189 Extension #652Affiliate opportunities (Distributor & consulting opportunities)
E-Mail: marketing@isosecuritysolutions.com
Voice: (Toll free) 1-866-207-3189 Extension #658
Why do I need the IT Security Accelerator?
The implementation of effective IT infrastructure, policies and procedures is key to running a secure and reliable Computing environment. Most companies are extremely vulnerable and even more so as they are not even aware of the threats. An organized and throughout approach must be taken. The Accelerator, based upon BS-7799 and ISO 17799 provide just that. Perhaps more importantly the IT Security Accelerator provides not only the goal, but the how to's.
Why Implement IT Security Policies and Procedures?
Business today rely on their IT infrastructure for their daily operations. While some information may be available in other places, we work with our data everyday making critical decisions based on that data. What happens if that data is compromised? How often does that really happen, and can it happen to my company? YES!
In a "Computer Crime and Security Survey" that was conducted (with 503 computer security professionals) by CSI with the participation of the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad certain chilling facts were found:
- Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months.
- Eighty percent acknowledged financial losses due to computer breaches.
- Forty-four percent (223 respondents) were willing and/or able to quantify their financial losses. These 223 respondents reported $455,848,000 in financial losses.
- As in previous years, the most serious financial losses occurred through theft of proprietary information (26 respondents reported $170,827,000) and financial fraud (25 respondents reported $115,753,000).
- For the fifth year in a row, more respondents (74%) cited their Internet connection as a frequent point of attack than cited their internal systems as a frequent point of attack (33%).
- Thirty-four percent reported the intrusions to law enforcement. (In 1996, only 16% acknowledged reporting intrusions to law enforcement.) Respondents reported a wide range of attacks and abuses:
- Forty percent detected system penetration from the outside.
- Forty percent detected denial of service attacks.
- Seventy-eight percent detected employee abuse of Internet access privileges (for example, downloading pornography or pirated software, or inappropriate use of e-mail systems).
- Eighty-five percent detected computer viruses.
For the fourth year, they asked some questions about electronic commerce over the Internet. Here are some of the results:
- Ninety-eight percent of respondents have WWW sites.
- Fifty-two percent conduct electronic commerce on their sites.
- Thirty-eight percent suffered unauthorized access or misuse on their Web sites within the last twelve months. Twenty-one percent said that they didn't know if there had been unauthorized access or misuse.
- Twenty-five percent of those acknowledging attacks reported from two to five incidents. Thirty-nine percent reported ten or more incidents.
- Seventy percent of those attacked reported vandalism (only 64% in 2000).
- Fifty-five percent reported denial of service (only 60% in 2000).
- Twelve percent reported theft of transaction information.
- Six percent reported financial fraud (only 3% in 2000) http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf http://www.gocsi.com/press/20020407.html
What is the economic reason for the investment in the IT Security Accelerator?
An organization has several choices as it undertakes the implementation of a secure IT environment for instance: hiring an employee, contracting with a consultant or taking on the process internally. An highly qualified new employee can cost an organization over $100,000/yr. with all of the usual learning curves, fit factors etc. Consultants are typically $200/hr. plus and can easily cost tens of thousands of dollars over the life of the project, still requiring existing staff to implement.
The IT Security Accelerator combines the benefits of both with existing staff. An existing employee can follow this program and implement like a highly trained specialist. The IT Security Accelerator is essentially the result of over 2000 hours of research and development "consulting". This form of consulting provides and organization the tools to self-implement an auditable, internationally recognized standard of excellence (BS-7799 & ISO-17799), however in this case the consulting bill is less, around $0.75/hr, based on the price of the IT Security Accelerator!
Some organizations may wish to augment their security implementation with a consultant for time or personnel reasons, but the time (and therefore cost) should be significantly reduced because of all of the tools provided by the IT Security Accelerator.
Do I need a consultant to institute the standards?
Using one of our approved consulting organizations for the implementation of the IT Security Accelerator can save you time and money, depending on the personnel resources you have available. If your have the proper staff then its easy to use without additional help. The IT Security Accelerator is designed to be a stand alone "implementation and training "consultant, with every element necessary for implementation and compliance. The IT Security Accelerator is based upon over 2000 hours of 'consulting', breaking down requirements into easily executable steps. A Basic understanding of ones computing environment is required, but a full IT security background is not necessary. If an organization elects to add a consultant to the process, the IT Security Accelerator will allow for a reduced cost engagement. For information on our national network of approved IT Security Accelerator consultants, please click here! Consulting and distributor opportunities
If I need Security Policies and Procedures, why should I base them on ISO Standards?
ISO is recognized as an international standards board calling upon a plethora of field specific experts to establish standards in different disciplines. There are no other auditable international IT security standard. A company that complies with these very comprehensive standards not only has a very sound and through procedures and policies, but also bragging rights that have a standard of excellence that is recognized internationally.
How does the IT Security Accelerator differ from the actual BS 7799 and or ISO 17799?
The IT Security Accelerator takes the requirements of the Standard and breaks them down into easily understandable and implementable policies and procedures. The standard provides statements, requirements, or goals, the IT Security Accelerator gives a easily followed map to achieve these goals.
What is ISO, and why Rely upon their standards?
According to ISO, ISO is: "The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from some 140 countries, one from each country. ISO is a non-governmental organization established in 1947. The mission of ISO is to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity. ISO's work results in international agreements which are published as International Standards." The existence of non-harmonized standards for similar technologies in different countries or regions can contribute to so-called "technical barriers to trade.
Export-minded industries have long sensed the need to agree on world standards to help rationalize the international trading process. This was the origin of the establishment of ISO. International standardization is well-established for many technologies in such diverse fields as information processing and communications, textiles, packaging, distribution of goods, energy production and utilization, shipbuilding, banking and financial services. It will continue to grow in importance for all sectors of industrial activity for the foreseeable future.
The technical work of ISO is highly decentralized, carried out in a hierarchy of some 2,850 technical committees, subcommittees and working groups. In these committees, qualified representatives of industry, research institutes, government authorities, consumer bodies, and international organizations from all over the world come together as equal partners in the resolution of global standardization problems. Some 30,000 experts participate in meetings each year. The major responsibility for administrating a standards committee is accepted by one of the national standards bodies that make up the ISO membership - AFNOR, ANSI, BSI, CSBTS, DIN, SIS, etc. The member body holding the secretariat of a standards committee normally appoints one or two persons to do the technical and administrative work. A committee chairman assists committee members in reaching consensus. Generally, a consensus will mean that a particular solution to the problem at hand is the best possible one for international application at that time.
The Central Secretariat in Geneva acts to ensure the flow of documentation in all directions, to clarify technical points with secretariats and chairmen, and to ensure that the agreements approved by the technical committees are edited, printed, submitted as draft International Standards to ISO member bodies for voting, and published. Meetings of technical committees and subcommittees are convened by the Central Secretariat, which coordinates all such meetings with the committee secretariats before setting the date and place. Although the greater part of the ISO technical work is done by correspondence, there are, on average, a dozen ISO meetings taking place somewhere in the world every working day of the year. Each member body interested in a subject has the right to be represented on a committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization."
In other words, what other standard has such global acceptance and such a through approach?
Do I need to implement all of the policies and procedures at one time?
No. The IT Security Accelerator is a very through approach to an over all IT environment, should an organization decide to implement in stages or only parts of the standards, they will be providing themselves with and excellent foundation. If time or personnel constraints make a consultant a prudent choice, the IT Accelerator will provide an excellent framework with which both parties can work quickly and efficiently together.
