Information Security Manager

Additional Expertise Helping Your Team

Receive all the benefits of a Professional and Experienced Manager without the overhead. This service can be tailored to your needs. Often we fill a security officer position on a part time or project basis. This may include the establishment of your security function or the short-term backfill of a current position.

As part of the service, your organisation can make flexible use of security and technical personnel to suit your needs, for example, Project Delivery Manager, Security Analysts, Technical Implementers etc. Additionally although the Information Security Manager will be operating on a part time basis you have full access to Rits expertise at all times.

This approach permits the use of a dedicated management resource on an as required basis for project management and delivery, while also providing the flexibility of calling on skilled professionals, at a moments notice, should the need arise.

For example, when specialised topics such as Cryptography, Internet Security or Network Vulnerability need to be addressed.

Typically a Rits Information Security Manager is used to develop and/or manage the deployment of an Information Security plan. They will also help develop strategic direction and present/negotiate with senior management.

Other functions of the service include; organising operational aspects of security, audit trail management, key management, policies & standards and user awareness.

The Rits Information Security Manager adopts a holistic approach to ensure that the needs of your organisation are met.

Key Benefits

All the benefits of a skilled Information Security Manager, without the    overhead.

A dedicated management resource when you need it.

Flexible access to highly skilled Security and Technical Specialists.

Low Cost, High Value.

Service tailored to meet your organisations specific requirements

  

Valuable & Flexible Expertise When You Need It Most!

Access to professional experienced Consulting and Technical personnel as required. For example, when specialised topics such as Wireless security, Cryptography, or Network Vulnerability need to be addressed.

Not every organisation however can afford the overhead of a fulltime Information Security Department. This is where Rits can help.

A typical arrangement is for the provision of an agreed number of Senior Consulting days and Technical Specialist days over the year. These can be used on an ad-hoc basis by the client and provide significant savings over standard daily rates while also reducing the bid/proposal cycle permitting rapid reaction to developing issues/opportunities.

Key Benefits

Flexible access to highly skilled Security and Technical Specialists.

Provides the knowledge you need to make sound business decisions.

Full access to Rits expertise when you need it.

All the benefits of a skilled Information Security Advisor, without the    overhead.

Low Cost. High Value.

Service tailored to meet your organisations specific requirements

  

Building & Strengthening Your Case

Businesses are exposed to significant risks in terms of technology based criminal activity or inappropriate employee behaviour. eForensics involves the collection, preservation and analysis of evidence in such cases.

It is vital that organisations engage an Information Security expert once they become aware of a suspicious act. If a company does not follow the correct procedures throughout the investigation evidence may be deemed inadmissible at future proceedings.

As a leader in the Irish eForensics market, we have seen a large increase in the occurrence of computer-based crime in Ireland. Increasingly Irelands top companies are turning to our computer forensics experts to identify and collect evidence from systems, which they suspect have been used by malicious or criminal parties. We can help you to investigate serious violations of company rules or prepare for civil proceedings.

Our expert witnesses apply the necessary procedures to ensure evidence recovered complies with best practice. The most common issues facing our clients' organisations today include PBX fraud, inappropriate images including pornography, contract violation, IP theft and fraud.

  

Get Certified.

'A comprehensive set of controls comprising best practices in information security'

It is worth clearing up at the outset, the core content of the latest editions of these standards is the same. ISO 17799/ISO 27001 is an internationally recognised generic information family of standards. Increasingly large companies and public bodies are expecting their suppliers and strategic business partners to attain certification or at least compliance.

Rits can aid you organisation in conducting compliance audits andprovide assistance gaining certification.

  

How Secure Are Your Applications?
The security of online applications is fast becoming a critical issue as organizations make more of their business functionality available online. A web application design which does not incorporate sufficient security controls, can severely undermine the reputation of an organisation.

Techniques such as SQL Injection and Cross-Site-Scripting (XSS) can be used to attack applications and gain direct access to corporate data. Security cannot be bolted onto application at the end. The most effective and cost-efficient way of creating secure applications is to make sure that security is integrated into the complete software development lifecycle (SDLC).

Rits offers a number of services to help your organisation create and deploy secure applications.

Application Security Program
Assist you design and develop an application security program which integrates with existing corporate development methodologies. This approach embeds security into the software development lifecycle and is the best way to ensure the security of your applications.

Tendering Process
Many organizations outsource development of their applications to third parties. Too often, security is not mentioned, with potentially serious results. To ensure the security of the development, the requirements for the project must be captured in the tender process. Rits assists you in capturing these security requirements and in evaluating the responses to the tender.

Awareness Training
Rits provides security awareness training for developers. This demonstrates typical web hacking techniques and suggests common measures to protect against these types of attacks.

Application Review
An independent review of an application design from a security perspective can highlight security flaws and weaknesses. The earlier that this can be done in the development process, the more cost-effective it is to rectify the problems.

Code Reviews
Code Reviews are a useful way of ensuring that there are no security vulnerabilities in the source code of the application. They can highlight potential weaknesses and suggest better ways of designing potential problem areas.

Penetration Testing
Testing looks at the application from an attacker's point of view. It tests not only the application itself but can also show up weaknesses in the deployment of the application and its infrastructure. This testing typically uses a combination of automated tools and manual testing to fully probe how the application reacts to unexpected inputs and events.

  

Learn Something New?
At Rits we are always happy to share our accumulated knowledge with our clients through the training of their technical staff. Tailored courses can be delivered to cater for every level of technical ability or skill deficit. Held on client sites or in our Information Security Centre in Citywest.

Courses include:

Security Fundamentals

Network Security Fundamentals

Best Practises ISO 17799/BS 7799

Cryptography

Ethical Hacking

Application Security Fundamentals