CCH Enterprise Solutions has launched a new security services consulting arm and a security strategy framework to consolidate various security offerings currently available in the CCH group.
Dr Andrew Hutchison, lead information security consultant at CCH Enterprise Solutions, says CCH can now offer a comprehensive approach to security. "Developing an overall security strategy is important for organisations and the way their total systems are managed.
"It has long been recognised that awareness of security issues among management, technical and end-user groups is integral to an overall 'security-aware' disposition within an organisation. With e-business, security becomes fundamental to successful trading and interaction," Hutchison maintains.
"In light of this, a security architecture should be carefully constructed for an organisation and for specific projects as well, be they pure software development or software integration. Security should not be left as an after-thought, but rather planned as an integral part of systems development."
The CCH Enterprise Solutions security and consulting services framework, Hutchison says, portrays the range of services offered and related offerings around the security objectives which they encompass. The security services are organised around four key areas, with two associated supporting services.
Firstly, security policy, requirements and architecture: This area involves working with organisations to determine and refine their security policies according to business needs; and assisting with compliance preparation for BS7799 certification.
"A key aspect is that of helping businesses to formulate a security strategy to underpin and enable their e-commerce solutions. This is an essential aspect of ensuring a successful and sustained e-business path," comments Hutchison. "It should also be built in as a proactive part of the e-business planning rather than a reactive retro-fitting."
The planning and management of security via an overall security architecture is also part of CCH's security offerings. "Security integration can be achieved through the planning and management of a security framework which encompasses existing and new systems, enabling integrated security rather than a collection of fragmented solutions."
Secondly, authentication and access control: Projects here are concerned with the incorporation of new technologies for specific purposes. Activities in this area include cost justifications, assistance with product selection and evaluation as well as overseeing the actual deployment of solutions.
Typical authentication and access control projects include single sign-on solutions, integration of public key infrastructure (PKI), biometric-based authentication, smartcard solutions and firewalls. Penetration testing can be conducted to assess system accessibility and configuration.
Thirdly, confidentiality and integrity: Here services are aimed primarily at software developers and companies with specific cryptographic requirements. Services include selection of cryptography, review of algorithms and the implementation and testing of secure applications.
Fourthly, security protocol and cryptographic analysis: Services relating to security protocol work are specialised and directed to enterprises developing their own protocols, for example for secure communication between devices. The area of transactional security also calls for message exchanges free from replay and other attacks.
These four activities are complemented by risk management and assessment and information security training.
Hutchison advises that CCH presents technical courses such as Security for e-Commerce and an Internet Security Workshop. For a high-level overview of security from a management perspective, Computer Security Deciphered is a half-day offering. CCH also presents seminars and workshops on security topics of a company's choice, and can provide regular, short technology and security trend updates.
"CCH is well positioned to work with companies in developing secure solutions," Hutchison adds.

