Governance Services

Security Risk Management

Security is, fundamentally, risk management. In order to move away from FUD-based decision making and operate within resource constraints, organizations need a framework to make consistent, objective and accurate value judgments on security. With limited time, budget and skilled people, organizations utilize Stalwart's security risk management services to help them analyze and prioritize their needs and direct resources to where they will be most effective. We adhere to "Defense in Depth" best practices by making intelligent application of current techniques and technologies (many of which already exist within organizations) for achieving Information Assurance. Stalwart's security risk management services are proven, supportable and cost effective because they strike the right balance between people, technology and operations, enabling:

  • Greater ROI
  • Quantified decision making
  • Business-driven security

Compliance and Regulatory Services

Stalwart's managed and professional services create a foundation that enables clients to address key risk management and compliance challenges. Stalwart's solutions fully address each phase of the risk management life-cycle to help clients effectively define, deploy, and manage a self-defending network. Whether it is PCI, Sarbanes-Oxley, or HIPAA, we help organizations assess their current security posture, identify policy gaps and vulnerabilities, and define new policies based on their business objectives and processes. Additionally, this service helps organizations mitigate threats to their infrastructure, applications, and data by realigning defenses with security policies or deploying new defenses to address gaps, as well as manage updates and changes to the infrastructure to ensure policy and/or regulatory compliance.

Security Policy & Standards

Stalwart believes information security is a business issue, not just a technology issue. Corporate knowledge and data are arguably the most important assets of any organization. Corporations must ensure the confidentiality, integrity and availability of their data. These three security objectives answer the questions: "Who sees the data?", "Has the data been corrupted?" and "Can I access the data when I need it?" The goal of Stalwart's security policies and standards services is to ensure that the procedures, guidelines and practices for configuring and managing security in your environment adhere to current best practices as specified in the ISO 17799 standard. Stalwart's security policy and standards services help ensure:

  • Demonstrable security commitment to stakeholders
  • Comprehensive, enforceable policies
  • Senior management buy-in

End-user Training & Awareness

The end-user population is the most often overlooked security asset within an organization. Conversely, end-users present the greatest potential weakness to an organization because "security isn't a technology problem, it is a people problem." Stalwart works with the management team to prioritize the most critical security issues to focus on (e.g. anti-virus, social engineering, Internet usage, securing home networks, etc.), then develops and delivers a customized training curriculum in the form of on-site sessions, WebEx conferences and/or newsletters. The purpose of this service is to communicate essential security information to the general end-user population and enlist their help in combating security issues. This service offering helps you:

  • Minimize the time to effectively train the end-user population
  • Provide heightened security awareness across the organization
  • Gain greater information assurance through employee empowerment 

Technical Training Sessions

The cost per IT staff member for security training is prohibitive when airfare, meals, rental cars and travel time during work hours are taken into consideration. In addition, security classes often address a fixed agenda, some of which is not applicable to the customer's needs or environment. Stalwart's offering comprises technical training sessions in 2-hour increments on specific networking and security-related technologies or issues. All such sessions are conducted at the request of the customer and can competently cover a variety of topics, including the following:

  • Firewall Deployment and Maintenance
  • VPN and IPsec
  • IDS and IPS
  • DLP
  • TCP/IP
  • Security Management
  • Risk Management
  • Defense in Depth
  • Hacking Tools and Techniques
  • CIRT process and procedure rules
  • Vendor-specific technology issues

 

