JBM Security, Networking & Web Development

CORPORATE SECURITY


Security

In today's society, IT security is a fundamental issue for every business that uses computers. A corporation's greatest asset, its business data, is at risk from fire, sabotage, theft, network failure, fraud and viruses. The majority of all IT security breaches are avoidable and yet the number of incidents is increasing rapidly.

An effective company-wide information security policy is now critical and should not be overlooked until a breach in security necessitates action. Concern about security often crosses departmental lines and is an integral part of many people's job function.

Here are a few statistics, according to Stats Canada, on web security and how the public views it in relation to Internet security and e-commerce.
  • 20% of breaches have a significant or serious impact on the productivity of an organization, with 16% of systems taking over a time to restore
  • 63% of consumers who decline to provide personal information to web sites report that it is because they do not trust who is collecting the data
  • 92% of consumers would give demographic data to web sites if they felt they could trust the transaction and the organization
  • over 72% of web users said they would provide data if the web site would only provide a statement regarding how the information collected was to be used
  • 58% of web users would be more likely to provide basic demographic information to a web site if the site had both a privacy policy and a seal of approval
  • 66% of web users fear sending personal information over the web
  • 60% of web users are concerned about privacy and protection

Listed below are a few questions that might indicate that your home or office system requires some form of security.

  • Are passwords easy to guess and are they changed regularly?
  • Are your PCs or servers anywhere near public areas?
  • Are your computer areas physically secure?
  • Do you have a machine or method for checking computer viruses?
  • Is waste paper binned or shredded?
  • Do you keep back-up records in a secure environment?
  • Do you have rules about what can and cannot be sent via e-mail?

Security Assessment Services

  • Business needs assessments
  • Network topology analysis
  • Documentation and clarification of corporate security standards
  • Network wide system classification, and compliance testing against corporate standards

External Penetration Test

To ensure that outsiders cannot penetrate private corporate systems, and either cause harm or gain unauthorized access to confidential and sensitive data, each of those network connections should be protected by a secure gateway.

These services include:

  • Remote Internet firewall penetration testing
  • On-Site firewall penetration tests
  • Telephony penetration tests
  • On-Site gateway evaluation

Network Security Assessments Services

Our most frequent assessments cover the following operating systems:

  • UNIX, IBM, Sun, Solaris and HP
  • Windows NT servers and domains
  • Novell NetWare 3.x servers
  • Novell NetWare 4.x servers
  • Database servers, Microsoft, Progress and others
  • WWW servers
  • Electronic mail systems
  • Groupware

Finally, we assess network infrastructure such as:

  • Routers
  • WAN gateways
  • Terminal servers
  • Authentication systems
  • Public Key Infrastructure systems
  • Firewall
  • Physical security

We deal with:

  • The enhancement of the corporate IT security functions to ensure effective security
  • Development of on-line Internet policies and procedures for computer security and Intranet use
  • Re-configuration of all operating systems, networks, telecommunications systems, DBMSs and user applications to address weaknesses identified
  • Enhancements of physical security control measures such as alarm systems, cabling protection, card-key systems, and screen locking
  • Implementation of password control software and procedures to ensure strong passwords are used in all environments
  • Development and implementation of employee awareness and training programs to ensure compliance with security requirements
  • Configuration and testing of an Internet protection system (gateways/firewalls) to ensure that unwarranted access to the computer network cannot be obtained via the Internet
  • Procedures for ongoing and periodic computer security monitoring to ensure that security remains high

Security Policies and Procedures

  • Internet network security
  • Remote access
  • Controls over Internet access
  • Administration of networked systems
  • Administration of inter-network gateways
  • Virus prevention
  • Backups and recoveries
  • Disaster recovery plans
  • Computer systems administration and security organizations
  • DBMS management practices
  • Password management practices
  • Seminars for your I.T. staff and users

Network Security Architecture Design

  • Analyzing and documenting requirements
  • Designing new network infrastructure
  • Identifying and evaluating network management technologies
  • Identifying and removing security vulnerabilities
  • Planning for future requirements
  • Selecting vendors to source hardware, software and installation services
  • Verifying that the system, as designed and implemented, meets your requirements
  • Testing the system and each component to ensure that they do not open new security vulnerabilities

Security Technology Evaluation

We help corporations in:

  • Assessing the costs/benefits of new technologies
  • Implementing new technologies securely, efficiently and profitably
  • Internet commerce
  • Public Key Infrastructure, installation, distribution and management
  • Internet Firewalls, and inter-network gateways in general
  • Virtual Private Network installations, distribution and management
  • Off-site backups, using high speed encrypted networks
  • Multi-platform, multi-host password management
  • Multi-platform, multi-host account management

Software Services

  • System design, including network architecture, protocol design, data modeling, user interface design, source code structure, etc.
  • Design validation and quality control.
  • Implementation of new software, specializing in development of secure network applications.
  • Quality control of the software development process used by our clients.
  • Quality control of the software produced by and for our clients.

Security

J.B. MacLean Consulting Inc. specializes in the delivery of effective security assessments and 3 types of unique consulting engagements:

1. Security Strategy Consulting (from policy articulation to enforcement, a managed corporate immersion into complete information asset protection and risk management)


2. Compliance with Security & Privacy Standards & Regulations (achieving organizational compliance with regulations from ISO17799 to Sarbanes-Oxley)


3. Security Marketing Strategy (unique management ROI strategy consulting to turn security investments into revenue growth)

Additional J.B. MacLean Consulting Inc. security solutions cover every aspect of information security:

STANDARD SERVICES

  • security audits
  • security awareness workshops
  • computer hardening


SECURITY ASSESSMENTS

  • network and application security
  • business vulnerability audits
  • compliance audits

STRATEGY & PLANNING

  • security strategy/policies
  • business continuity planning
  • disaster recovery planning


COMPLIANCE

  • industry standards
  • regulatory compliance
  • policy adoption & enforcement

SUPPORT

  • on-site and remote support
  • incident response
  • continuous security

HUMAN RESOURCES

  • security staffing
  • interim management (CIO/CSO)
  • employee/HR policy review


ADVANCED SERVICES

  • managed security
  • computer forensics
  • court expert witness services

TRAINING

  • customized training
  • e-learning solutions

PROJECTS

  • implementations / deployments
  • secure change management
  • product evaluation & recommendation


PRODUCTS

  • data, backup, disk encryption
  • secure domains, email & e-commerce
  • authentication & application security

Security
DISASTER RECOVERY:

IT professionals have recognized the importance of disaster recovery for decades. Both the terrorist attacks of 9/11 and recent IT technology trends have led to a more widespread awareness of disaster recovery and other business continuity issues and methodologies. Organizations face some tough choices in planning for the future.

What Is Disaster Recovery?

In Information Technology, disaster recovery involves a series of actions that must be taken in the event of major unplanned outages to minimize their adverse effects. Disasters can result from events such as the following:

• hacker attacks
• computer viruses
• electric power failures
• underground cable cuts or failures
• fire, flood, earthquake, and other natural disasters
• mistakes in system administration

The related concept of business continuity involves ensuring that an organization's critical business processes, including those utilizing IT systems, can be maintained in the event of a disaster.

Why Is Disaster Recovery Important?

When executed well, disaster recovery procedures will save large sums of money. Disaster recovery can also improve the quality of human life, and it may even save lives.

The terrorist attacks of 9/11, for example, caused large-scale network outages. Among the affected systems were some of the fiber optic telecommunications services provided by Verizon. Besides the financial impact to Wall Street firms from lost data connectivity, the loss of voice contact with friends and family greatly affected many individuals on that day.

Disaster Recovery Planning

The best approach to disaster recovery focuses primarily on planning and prevention methods. While the damage resulting from the events of 9/11 could not have been anticipated, many other more typical disaster scenarios can be analyzed in detail.

For those events that can't be prevented, an IT disaster recovery plan takes into account the need to:

• detect the outages or other disaster effects quickly
• notify any affected parties so that they can take action
• isolate the affected systems so that damage cannot spread
• repair the critical affected systems quickly for continuation

All good IT disaster recovery plans consider the three main components of operations:

• the data
• the systems
• the right people

From the technical perspective, most organizations rely on some form of redundancy to make possible the recovery of data and systems. Redundancy allows secondary data or system resources to be pressed into service on short notice should primary resources fail or otherwise become unavailable.

Traditional backup strategies, for example, archive copies of critical data at a given point in time so that they can be restored later if needed. Organizations may also choose to replicate servers and other critical hardware at multiple locations to guard against any single point of failure. More advanced network technologies, like SONET, and some forms of clustering, incorporate built-in failover capabilities that attempt to automatically recover from some failures.

While these and similar approaches have been a part of IT practice for many years, more sophisticated disaster recovery techniques have grown in popularity due to the events of 9/11.

Periodic data backups, for example, have limited value if the "snapshots" are not taken frequently enough. Some organizations now generate so much data that even daily backups are too infrequent.

A more sophisticated approach like disk mirroring ensures that data remain available from multiple sources in near real-time. However, traditional mirroring only works over limited distances. Storage area network (SAN) and other competing technologies can alleviate this problem, although at a higher cost.

Another recent trend in IT disaster recovery planning, third-party relocation services, gives organizations access to fully-equipped operations space at temporary facilities in remote locations. These facilities can be a wonderful option in times of crisis if trained personnel are available to staff them.

Conclusion

Overall, the events of 9/11 have reminded us of the prime concerns with IT disaster prevention, planning, and recovery today:

• cost - comprehensive disaster recovery is extremely expensive
• testability - what is written vs. what is practical
• overemphasis on the back office - without the people and the client-side infrastructure available, business still can't be done

The recent resurgence in focus on business continuity needs to be balanced against the practical considerations of the costs and non-business priorities involved.

Some of the most predominant security tests are done on a regular basis; these include:


1. Ethics and Legal Issues
2. Footprinting
3. Scanning
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Sniffers
8. Denial of Service
9. Social Engineering
10. Session Hijacking
11. Hacking Web Servers
12. Web Application Vulnerabilities
13. Web Based Password Cracking Techniques
14. SQL Injection
15. Hacking Wireless Networks
16. Virus and Worms
17. Hacking Novell
18. Hacking Linux
19. IDS, Firewalls, and Honeypots
20. Buffer Overflows
21. Cryptography



As information technology and the Internet become more integrated into today's workplaces, organizations must consider the misuse of technology as a real threat and plan for its eventuality. When cyber crime strikes, the real issue is not the incident itself, but how the organization responds to the attack.

A specialized and fast growing field of investigation known as computer forensics is a leading defense in the corporate world's armory against cyber crime. Forensic investigators detect the extent of a security breach, recover lost data, determine how an intruder got past security mechanisms and, potentially, identify the culprit.

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.

Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases. Electronic evidence is critical in the following situations:

• Disloyal employees
• Computer break-ins
• Possession of pornography
• Breach of contract
• Industrial espionage
• E-mail Fraud
• Bankruptcy
• Disputed dismissals
• Web page defacements
• Theft of company documents

Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

The CHFI course will provide participants with the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in a court of law.

Copyright 2010 JB MacLean Consulting Inc.
All rights reserved.