Home
Security Policies
Awareness Presentations
InfoSec Department
Report an Incident
Viruses/Hoaxes
Regulations
Security News
Security Library
Security Links
|
Information Security
Department
Responsibilities
Risk Analysis
Maintain a proactive overall security posture in conducting risk anaysis by identifying critical company assets, assessing threats and vulnerabilities, and evaluating countermeasures to mitigate those risks. Assist with the security architecture and the interactions of security systems with business systems.
Perform vulnerability testing, penetration testing, and security audits as needed to assist in the risk analysis process.
Review, update, and communicate the incident response procedure as needed. Assist with the coordination and the development of the business imapct assessment, the business contingency plan, and the disaster recovery plan.
Assist with physical security procedures, including access to facilities, background investigations on employees and interaction with electronic systems.
Security Policies
Review and update corporate security policies and procedures that follow best practices and industry standards to ensure that they are current and accurate, and include changes in laws and regulations that affect the company.
Security Awareness
Reduce internal security risk exposure by educating employees through various security awareness training methods. For example: security awareness sessions, the security web site, newsletter articles, posters, brochures and pamphlets, as well as depatmental meetings and brong bag lunch sessions as deemed effective.
Security Monitoring
Provide proavtive monitoring services aimed at identifying abnormal behavior that could indicate actual or attempted breaches in security defenses. Monitoring services could include reviewing security logs, alerts, vulnerabilities lists, etc. on desktops, servers and networks, and include such tools as; properly configured firewalls, intrusion prevention or detection, anti-virus, web access, content filtering, patch management, account management, strong authentication methods, dial-up lines, wireless, extranets, and virtual private networks.
Assist with licensing compliance monitoring issues.
Research
Conduct research to identify new vulnerabilities and threats, and new security technologies, such as; authentication methods, biometrics, cryptography, and encryption.
Keep current on security best practices, industry standards and regulations, and security law and ethics.
Maintain security skills and certification through various seminars, courses, books, and publications.
|
Company