These days it would seem that everyone is selling security. Companies invest small fortunes in firewalls to secure the perimeter of a network, suites of software to protect against viruses and spyware and huge portions of the technology budget to plug intangible holes. Security is a buzzword that can send I.T. departments into frenzied spending sprees and send business managers into hiding out of sheer panic.

The ugly truth is that most of these expenditures are wasted. It is very easy to buy an expensive door with a very complicated lock that can shrug off all manner of attempts to batter it down. But this does no good if we leave the door unlocked because the lock is too difficult to use. It is also negated if we leave a window with no security right next to the door. In the same way throwing the entire budget at single components of the security model is throwing the money away. Any serious attempt to break through will just lead the attacker to the weaker parts of the network where less controls exist.

Money spent on security should abide by the same time-honoured practices in business management that have become the standard for other departments in an organization.

• It must be justified by a solid value proposition.
• It must match the priority and risk of the system that is protected by the additional security. It does no good spend high security dollars for a low priority system.
• It must be an educated purchase and not an emotional response.

There are many different types of risk analysis and management tactics that are widely used. Most of these have grown out of a need to find and fix problems before they turn into costly errors that are difficult to recover from. All of these methodologies have strengths and weaknesses that will not translate well in some situations but will shine in others. The key to an effective security model is always to provide consistency and to use methods of risk assessment that complement an organization’s focus, goals and directives.

For every organization these factors will be different.

Browen I.T. Solutions Inc. will analyze the security you have now and make suggestions on how to improve it to provide the best security possible with your equipment. Browen I.T. Solutions Inc. Security Risk Analysis & Hardening Services will provide the training, equipment, planning and implementation to shore up your network security and raise your company's awareness and empower the decision makers.

Security Risk Analysis & Hardening Services provides the following valuable tools for business:

• A complete inventory of systems, connections and software.
• Security issues (vulnerabilities, etc) relating to each system individually.
• Risk information relating to each system and server (depending on risk model).
• Details about the controls detected on each system and server.
• Evaluation of the security policy and procedures.
• Supporting data about each issue or control.
• GAP analysis of Risk vs. Controls for each system and server.
• Details about any ‘information leakage’ detected.