As information is more digitalised, mobilised and spread than ever, Information Assurance is becoming more and more important as a security control for companies and their management. Companies need to keep their sensitive information confidential for external and internal parties avoiding information to become accessible by unauthorised individuals.
Way too often a technical solution is delivered that is not all aligned with the organizations business drivers. For most of the IT security people these drivers are unknown and they have no methodology to incorporate them into their deliverables; thereby alienating themselves from the rest of the organization.
Instead, security architectures can be delivered with greatly varying levels of detail (from the organizational level all the way down to the technical components). By following a layered approach one can deliver an architecture with the right level of detail for the task at hand and as such enable the selection of the right controls.
Ascure uses its own methodology (which is based on common standards like SABSA, TOGAF) which allows relating business drivers all the way to the technical choices made. Ascure not only employs generalists with a broad knowledge of all layers, but also specialists on the different domains.
Ascure has a large experience in assisting organizations in choosing and implementing the right security controls. Examples are:
- The establishment of a PKI infrastructure and associated governance (e.g. CP/CPS documents).
- Redesign of the perimeter security for an organization that was formed by merging multiple entities.
- Review and modernisation of the security architecture for an extranet-based solution.
- Design and advice with the implementation of a new authentication and authorization framework.
Flyer