Security Assessment

OrangeSec consultants will identify each system's characteristics in order to determine security requirements. Characteristics include system function, capability and criticality, data types, users, lifecycle and ConOps.

Vulnerability Assessment

OrangeSec consultants will assess and identify vulnerabilities and discrepancies in the system architecture, system design, network interfaces, product integration, configuration management, access controls, and personnel policies and procedures. Such an assessment will determine a system's susceptibility to exploitation, the potential rewards to the exploiter, the probability of occurrence, and related threats and associated risks.

System Security Components

As part of an overall security design, OrangeSec consultants will advise and educate its customers during selection, installation and configuration of IT security components. These include firewalls, intrusion detection systems (IDS), virtual private networks (VPNs), digital signatures, smart cards and network traffic filtering.

Information Awareness Training

The key to maintaining a strong security posture rests with the ability to keep security initiatives up to date. Training not only enhances the security posture of the entire site, but it further ensures that security practices are accomplished correctly. OrangeSec designs and provides training on all deliverable services to enhance the security awareness of system users, further reducing information systems vulnerability.

Links

There is a comprehensive IT Security site at www.cerias.purdue.edu/coast/.