Information Security: Key Points
NYSTEC’s expertise encompasses the following Information Security disciplines:
Business Continuity and Disaster Recovery Planning and Assessments
A business continuity and disaster recovery (BC/DR) program allows your organization to deal with a natural or manmade disaster and its immediate ramifications, and ensures that you can still conduct business.
Vulnerability Assessments
A vulnerability assessment is a process that defines, identifies and classifies security vulnerabilities in a computer, network, or communications infrastructure, whether wired or wireless.
Risk Assessments
A risk assessment documents the level of risk associated with a technology system, and allows management to develop appropriate strategies and controls to protect information resources.
Information Security Policy, Processes, Standards, and Procedures
Security policies establish senior management’s vision for managing security within the organization. All security processes, standards, and procedures are derived from these policies.
Compliance Audit and Gap Analysis
A compliance audit and gap analysis is a comprehensive review of an organization’s compliance with security policies and standards.
Security: Application and System Development
Security cannot be an afterthought when it comes to the development of new applications and systems. We assist clients by identifying key security issues at each stage in the development life cycle.
Technology and System Acquisition
Information Security aspects of any acquisition must be addressed throughout the acquisition cycle (requirements development, RFP development, proof of concept, and final selection).
Identity and Access Management
Identity and Access Management (IAM) deals with identifying individuals in a system, and controlling their access by associating user rights and restrictions with established identities.
Data Classification
As a fundamental building block in information life-cycle management, data classification categorizes information for its secure and efficient use. It ensures that information assets are adequately protected throughout their life cycle by instituting specific controls for their confidentiality, integrity, and availability.
Additional Information Security Services
In addition to the services outlined above, NYSTEC can provide:
• Security Training - Our Information Security training course has been reviewed by the Committee on National Security Systems and the National Security Agency and certified as meeting the National Training Standard for Information Systems Security Officers, CNSSI No. 4014E.
• Forensics - NYSTEC possesses the equipment and expertise to perform forensic analysis on computers to assist organizations in determining whether employees are compliant with the organization’s acceptable use policy.
• Physical Security - We can assist the organization in formalizing and documenting physical security requirements as part of a solicitation or RFP.
• Security Design Review - NYSTEC can provide unbiased security reviews of vendor-proposed architectures and designs.