Tallahassee, FL. According to reports released in Spring 2017, Florida is the second most-targeted state for those seeking unauthorized access to healthcare-related information. For organizations in the Sunshine State, one thing is clear: it is vital to make an IT security plan that addresses all necessary areas for full IT security.
As a leading provider of software development and management consulting services, ISF, Inc. is pleased to provide IT security services to help our clients operate better, smarter, and more efficiently.
“ISF has extensive experience working with Florida state and local government,” says Tammy Young, client partner with ISF, who has led ISF’s IT security projects, including a recent IT security assessment for the Florida Department of State. “Our team brings a unique perspective to Florida’s security requirements. Combining ISF’s understanding of Florida’s needs with the knowledge of experts in cybersecurity, we really provide Florida with a best-of-breed solution.”
Diane Reilly, Senior Vice President for ISF partner Richard S. Carson and Associates, Inc. outlines a plan for robust IT security for an organization. First, Reilly notes, an organization must have a solid security program, including good policies and procedures. Without this, holding internal users accountable is difficult, if not impossible. When there are no policies in place, the doors are open for security breaches.
Second, a vulnerability management program is really a cornerstone of an organization’s security program. This translates essentially into having a way to identify and track vulnerabilities from start to finish. The organization should work to find potential vulnerabilities and then have a plan to address them. Reilly identifies some questions that organizations should ask themselves when establishing a vulnerability management program:
- How often do we assess our infrastructure to identify vulnerabilities? What methodologies do we use for these assessments?
- How often do we perform security testing, including both internal and external audits?
- What is the plan for following up to make sure vulnerabilities are closed?
- How consistently do we perform all of these checks?
The last important element to a fully developed security plan is patch management. In addition to identifying and addressing vulnerabilities, notes Reilly, it is also important for an organization to have good hard and soft patches, accurate inventories to help determine what needs patching, and a plan for monitoring logs. The organization should ask themselves if they are truly compliance-ready when assessing their state of IT security against applicable guidelines.
Readiness has many different facets, including building security awareness into the development of systems and being fully prepared for future security issues in the constantly changing technological landscape. ISF and Carson are key partners in this effort, and can provide IT security services to match an individual organization’s specific needs, including the following activities:
Technical Assessments
- Vulnerability Scanning and Penetration Testing (includes networks, web applications, wireless networks, and mobile applications)
- Security Technology Configuration Reviews
- System Security Control Testing (NIST SP 800-53)
- Security Architecture Reviews
- Social Engineering
- Compromised System Detection
Risk Management, Governance, and Compliance
- Compliance Readiness and Assessments (e.g., PCI, HIPAA, SOX, FFIEC, HITRUST, CJIS)
- Incident Response and Data Breach Planning
- Security Consulting (e.g., program analysis, cyber insurance analysis, advisory services)
Security Program Development and Management
- Security Program Gap Analysis
- Security Program Management
- Policy Planning and Development
- Strategic Planning
- System Assessment and Authorization
- Security Training
- Configuration Management
With these IT security services, ISF can help organizations develop strategies that focus on integrating security technologies that are already in place within the organization, establishing and maintaining a robust security plan with limited resources, and identifying and implementing efficiencies to improve security within established budgets. With a strong security plan, organizations in Florida can meet the challenges of today’s security concerns.
[1] http://thecapitolist.com/as-data-breaches-mount-state-cybersecurity-becomes-high-priority/