Often attackers look for the lowest hanging fruit or the path of least resistance and target systems that are poorly configured, unpatched, and provide easy access to one or more information assets. Organizations who fail to protect against these types of attacks often fall victim and suffer costly compromises that result in negative press, loss of customer confidence, compliance violations, and more. One of the critical components for better protecting your organization is the development, implementation, updating, and frequent monitoring of standardized and well-documented system hardening configurations, processes & procedures; these are otherwise referred to as Technical Security Configuration Standards by RVASI. These standards allow organizations to take a more comprehensive and security-in-depth approach to security by building it in at one of the lowest levels, the system. 

Additionally, good standards provide system administrators, maintainers, and security personnel with detailed processes & procedures to follow during the system configuration, deployment, and audit phase that ensure (A) an agreed upon security configuration is being implemented across all enterprise systems based on identified threats, vulnerabilities, and known countermeasures, (B) a consistent and desired level of security is being applied, and (C) a useful baseline is established.

Our team can help organizations by developing new standards if none exist or by revising current standards to ensure that they are clearly written, up-to-date, and address applicable threats, risks, and compliance issues faced by your organization.  We use a variety of proven techniques for accomplishing this including but not limited to conducting different types of vulnerability assessments which quickly show us where the problems and/or deficiencies lie and how to best address them.

Process Overview
Basically, we approach this task by:

		Performing in-depth audits/reviews of current standards, processes, and procedures and noting shortcomings
		Clearly defining institutional security goals and objectives based on the environment, vulnerability assessments, audits, interviews, and a detailed analysis of the results
		Incorporating local, state, and federal laws, compliance requirements, relevant ethical concerns, and defined institutional security goals & objectives into newly developed or revised standards
		Ensuring that the necessary mechanisms for adopting, implementing, and monitoring these standards are in place
		The end results are new or revised Technical Security Configuration Standards that provide configurations, processes, and procedures for better securing systems throughout the enterprise.

As shown below, a un-harden system can be the weakest link in your organization and ultimately lead to the compromise of sensitive information.

About Our Standard Writers

RVASI's talented team of Technical Security Configuration Standard writers have years of hands-on and field experience crafting all types of technical security configuration standards for numerous types of systems including wireless.  Each or our standard writers clearly understands the importance of designing and/or revising standards that accurately address, focus, and reflect the specific security and compliance needs of your organization. Our team will work closely with yours throughout all phases of the process in order to achieve the most accurate, applicable, and best overall results.  At the conclusion of process, your organization can expect to receive one or more high quality and easy to follow standards documents that is customized, well written, and ready for adoption, implementation, and use by your IT or Information Security staff.

Cost

Our Technical Security Configuration Standards Solution is extremely affordable and priced well within the budget of most small to large organizations.   The cost of our standards development or revision efforts primarily depends on level of complexity and the scope of the engagement.  Bundled pricing is also available.

Getting Started

To get this process started, please take a few minutes and complete our Assessment Contact Form and a member of the RVASI team will contact you soon.