IT Security and Compliancy

AIT Partnership Group Ltd provide a range of IT components that can be either integrated into existing solutions or form part of new systems to provide secure and compliant systems for Data Centre Management, Remote Office Management, Wireless Network infrastructure and Digital Signage and Communication.

We provide best of breed components that include the very latest security and auditing features to ensure that they are compatible with your security and compliancy policies. Our consultants can advise you on which components and systems best suit your policies and our project management and installation teams will ensure that the system are configured to ensure you achieve the level of security and compliancy you require.

Compliancy regulations, authorities and standards such as Sarbanes Oxley, Financial Services Authority, Basel, ISO270001 etc are often very vague on the features required by IT systems to achieve compliancy and usually do not define the technology required. Our consultants can advise on what is considered best practice in terms of implementing technology. This is important not only to ensure that your systems are secure and compliant today but also to ensure that they will meet the developing standards. As IT matures standards will become more defined and best practice will be more widely published and adopted. For example many network managers continue to use VPN technology for remote office connections, even though they know that they are not generally considered ´secure´ and can be hacked open within a few hours of a determined attack. While standards remain ill defined busy, overworked under resourced network managers will use VPN´s rather then invest in more secure out of band technology. In the near future as best practice is established all compliant companies will need to invest in more secure hardware.

Click here for examples of secure out of band technology.

Click here for more information on Secure Wireless Networking.

ISO27001
This standard has become the bench mark in IT security. It defines and specifies the requirements and processes required to implement and manage an Information Security Management System (ISMS).

The standard requires that the following processes are carried out to establish the ISMS.

Define the scope and boundary
Define the context in which it will operate: type of organisation, risk profile, location etc
Define the Risk Assessment approach
Identify the Risks
Evaluate the Risks
Evaluate the response to the identified Risks e.g. removing, ignoring or controlling Risks
Establish controls to mitigate Risks and define the objectives of these controls
Establish Management approval and authorisation of the ISMS
Document the controls and summarise the approach to Risk Management

To download the full ISO27001:2005 document click here

One of the key requirements of ISO27001 is to maintain a complete list of threats against each asset, defined as anything that has value to the business. In practice this means that a complete asset register of all IT hardware and software is maintained and linked to a list of threats and controls associated with each threat. This is a huge and time consuming task even if an Asset register exists.

AIT Partnership Group Ltd can provide practical low cost software suitable for any organisation that provides an up to date list of vulnerabilities and threats and controls against your asset register. It is a low cost simple way to help any organisation adopt ISO27001 standards or to achieve full compliancy.

To receive a demonstration of our Risk Management software please click here

In addition AIT Partnership Group provides a full ITIL consultancy service and provides a range of software solutions that will enable you to integrate and automate your Asset Management, Change Management and other service management processes and help you achieve compliancy without increasing your resources.