Perimeter Assessment - A thorough network-level review of the perimeter information security measures in place for an organization, including firewalls, IPS/IDS, VPNs, content filters, and the general layout of the perimeter.
Network Security Assessment - Covers the entire network security posture, including wide area connections, partner/supplier connections, and other internal data flows.
Security Architecture Design/Review - A security architecture review examines the security architecture of the organization and evaluates how well it supports the organization's security policies. The design portion of this service helps build a conceptual security architecture that supports the overall security policies of the organization.
Security Policy Review/Design - All mitigating security efforts need to be supported by a context-sensitive security policy that clearly supports the business goals of the organization. Policy is upheld by a series of Standards and enabled by Procedures. Many organizations struggle with putting these items into place in a way that is functional for staff.
Threat & Risk Assessment (TRA) - Not all organizations will need to put the same emphasis on all aspects of their business's information security. A well-designed TRA will help identify the risk areas that require appropriate mitigating actions within the context of the organization and its larger business goals.
COBIT - Organizations that operate from a well-defined IT governance structure are significantly more profitable than organizations that do not. Savant Advisory Inc. has provided compliance consulting using a shared responsibility approach to help organizations adopt the good practices identified by COBIT. Over the course of a few years of this work, it has been demonstrated that a sound IT governance structure can make a significant impact on other IT compliance requirements that are imposed on the organization.
PCI-DSS - Savant Advisory Inc. has provided practical advice to organizations working towards compliance with PCI-DSS. A majority of these items will fall to your information security area to ensure that they are in place. We can help design a program to understand current gaps in your organization's security specifically for PCI and assist in building a program to help move towards compliance.
OTHER - At Savant Advisory Inc., we've been exposed to a number of different frameworks other than the ones listed above, including BS-17799 (ISO-27000), BASEL, ISF, etc. We can work with you and your organization to build and execute a compliance strategy that helps meet your specific organizational needs.
Information Security Management Systems - The creation of a comprehensive Information Security Management System (ISMS) is the mark of an organization that clearly understands the importance of including security in all aspects of the organization's activities. Savant Advisory assists organizations through the process of building a fully integrated ISMS within their organization.
Information Security Strategy - Enable your IT Security group to grow into the team that is required to support your strategic security requirements through the formulation of an Information Security Strategy. (Note: this is best done after an Information Security Assessment.)
CSO / CISO - Not all organizations require a full-time Chief Security Officer or Chief Information Security Officer. Savant Advisory services can provide a consultative approach to this position, providing guidance and advice on corporate Information Security matters.