Advanced Security Policy

In All by Alex Kallimanis

On top of the general protections that are outlined in our Core Information Security Program there are a number of a la carte policies that may be required based on your industry. An advanced security policy strengthens and supplements the security measures that your company is making when signing up for Managed Services.

 

Multi-Factor Authentication

Multi-factor authentication is a simple security practice that can have a dramatic effect on the security of a system. Generally speaking a multi-factor authentication (MFA) changes the login for a program or account from requiring simply the username and password. Many internet users will be familiar with MFA in the form of a security question, captcha, or email/text confirmation code.

Requirements:

  • Azure Active Directory per user
  • Installation and configuration time

File Access logging

Who was the last person to access this file? When was the last edit made? File access logging will let you know which of your users are accessing sensitive files and data. This information can be useful in the case of data extortion, breach, or leak.

Requirements:

  • A desktop station serving as a logging server (must have robust hardware requirements)
  • Installation and configuration time

Intrusion Prevention Services (and Logging) and Malware Filtering

Intrusion Protection Services (IPS) and Malware Filtering provide added layers of security when coupled with your existing firewall. IPS systems find, log and report malicious or suspicious behavior to your system administrator. Likewise Malware Filtering makes sure that all programs are scanned and malicious programs stopped before they can do serious damage.

Requirements:

  • Cisco 5506 X Series Firewall appliance
  • Cisco 5506 X Series Firewall appliance warranty – yearly
  • Cisco 5506 X Series Malware Protection (Intrusion Prevention) Subscription – yearly
  • Cisco Firepower Management Center, VMWare (for IPS Logging)
  • Cisco Firepower Management Center, Annual Maintenance (for IPS Logging)
  • Installation and configuration time

Periodic Independent Third Party Security Assessment

Third party security assessments, as the name implies, cannot be performed by First Service Carolina. However, we have the necessary contacts to set you up with an accredited professional. This security expert will test and analyze your system for strength and security and report their findings.

Third Party Penetration Testing

Similar to the Third Party Security Assessment, Third Party Penetration Testing cannot be performed by First Service Carolina. The security expert that performs this test will attempt to penetrate your network, find any backdoors or workarounds, and report the findings back. This process allows you to identify and address potential security holes in your network.

Advanced Security Policy by First Service Carolina

Like with most technologies, nothing is foolproof. The people that want to break into your network and access your data are always on the hunt for a new vulnerability. That is why it is important to have a trusted, responsive Managed Services Provider like First Service Carolina in your corner. We will help you design and implement a network that meets your security concerns, and any guidelines that have been enacted in your industry. If you would like to learn more, please visit our contact page, or call First Service at (919) 832-5553.