|
|
Security
is becoming an increasing concern for many organizations as security attacks are
increasingly reported in the public arena and concerns of confidentiality of
customer information grow. Organizations want to insure that they do not become
the next public embarrassment and that they can ensure their customers that
their services and data are secure.
The
following services attempt to approach this domain from both a business,
enterprise policy and technology direction with the majority available as
assurance and definition services.
Key Benefits
 | Business process support within security frameworks |
| Enterprise security and risk management assurance |
| Qualification for Australian Government Privacy Policy Act |
Capabilities
| Business processes for trust services |
| Security policy & risk management review |
| Infrastructure and security architecture |
-
- Business Process for Trust Services
-
Focuses on the business process to enable and maintain trust based
access services over customer access / e-commerce channels. An example
might include business processes for digital certificate assignment,
distribution and management.
-
| Access via Trust |
Assurance / Definition for business processes for access
based on trust around authentication, authorization, delegation for coarse
and fine grain access.
|
| Token Distribution |
Assurance / Definition for business processes for
assignment, distribution and management of various forms of authentication
tokens such as PINS, Smart Cards and / or Digital Certificates.
|
-
- Security Policy & Risk Management Review
-
Focuses on enterprise security policies governing internal /
external controls of access to applications and data and the
enterprise policies relating to risk management and recovery. This
service is easily extended to ASP / ISP organizations as defining
charters for contractual obligations and level of protection, risk
management procedures followed and how recovery operations are
performed.
-
| General |
Assurance / Definition for organization security
policy and risk management procedures as it applies to internal
access and management of data, systems and resources.
|
| Commerce |
Assurance / Definition for e-commerce security
policy and risk management procedures as it applies to external
access and management of data, systems and resources.
|
| ASP SP & RM |
Assurance / Definition for Application Service
Providers security policy and risk management procedures as it
applies to client and customer access to those data and systems.
|
| ISP SP & RM |
Assurance / Definition for Internet Service
Providers security policy and risk management procedures as it
applies to web hosting clients and customer accounts.
|
Infrastructure and Security Architecture
Focus on infrastructure (Firewalls and Security Products) and
Security Architecture required to support end-end access to
applications and data from customers, suppliers and partners. The
latter is also concerned with policy based security services governing
single registration and policies applicable to authentication and
authorization (coarse and fine grain), roles and access to
applications, data and levels of capability (create, review, update
and delete).
| Infrastructure |
Assurance / Definition for security infrastructure
to support the identified and captured business goals.
|
| Security Architecture |
Assurance / Definition for security architecture to
support authentication / authorization for the identified and
captured business goals.
|
| Security Policies |
Assurance / Definition for security policies for
registration, authentication, authorization, delegation, access to
applications, data and resources for alignment with business
requirements and goals.
|
-
- Digital Security Workshop
-
Focuses on assisting organizations to understand the challenges of
security from a business, technology and public responsibility
perspective. Appart from being a course, this service is interactive
allowing drill down into specific security requirements, components
and considerations to be made in future business and technology plans.
Thus although a majority of the service is fixed, the flexible portion
allows collaboration to occur and tailoring to individual client needs
with appropriate break out sessions.
-
| Business Security |
What does security mean from a business perspective
for assigning risk associated with confidentiality, protection and
level and type of permitted access.
|
| Technology Security |
What does security mean from a technology
perspective for enabling business transactions and architecture
and technology considerations.
|
| Digital Security |
What does security mean in relation to c-commerce,
m-commerce and t-commerce in protection of customer assets /
information and enabling business processes / transactions over
the Internet. This is presented in a high-level format from both a
business and technology perspective.
|
|
