Developing a comprehensive security posture is complex, touching every aspect of a business. Many organizations simply do not know where to begin and resort to a reactive cycle of expensive, inadequate point solutions. Without a clear understanding of where one stands, it is impossible to plan effectively for the future, and all too easy to invest heavily in an inherently flawed defense.

Effectively ‘securing’ any enterprise is, fundamentally, a process of mitigating risk. Many times, businesses select and deploy security initiatives based on a ‘perceived need,’ focusing on features and functions, instead of determining the specific risks to be addressed and their relative impact. No security architecture can adequately serve its function without a clear strategy correlated to actual business assets and risks. The greatest hurdle in enterprise security is moving beyond the deployment of technological point solutions, and the false sense of security they provide, toward a comprehensive and business-relevant security solution. A defense without a strategy provides a costly, false sense of security.

Capsicum Solutions

Capsicum helps identify and manage real risks, limit the ‘intrusiveness’ of security measures, protect corporate assets, improve accountability and increase architecture manageability / scalability. Capsicum Group can assist your business in mitigating vulnerabilities in the following security and privacy areas:

• Security Drivers (risk management, awareness, communications, budget, compliance)
• Staffing and Skills (training, in-house expertise, roles and responsibilities)
• Security and Privacy Standards/Procedures (structure, content, dissemination, use, accountability)
• Testing and Assessment (vulnerability, penetration, access, code, application, data, audits)
• Perimeter Controls (overall architecture, firewalls, partner connectivity, VPNs, dial and wireless access, high availability)
• Internal Controls (platform standards/system hardening, automated host controls, authentication/authorization technologies, quality assurance)
• Physical Controls (facilities and data centers)
• Content Controls (secure messaging, appropriate use, antivirus)
• Intrusion Detection and Response (network and host, contingency planning, detection)
• Logging and Analysis (reporting, log aggregation, security management metrics)
• Digital Forensic (recovery and restoration, evidence gathering, expert testimony)
• Cryptography (Encryption)
• Privacy (health care, Web, e-mail, database, etc.)

Capsicum considers each client’s people, process, and technology as we design security postures and as we remedy breaches.

Pressure Points

In conjunction with the business drivers and technology behind information security, our services also address the following critical areas:

• Compliance & policy reviews
• Risk assessment correlation
• Disaster recovery / business resumption
• Training and documentation

• Internet connectivity
• Third party/partner connectivity
• Remote access (dial and VPN) connectivity
• Untrusted/exposed systems posture
• Content control/appropriate use capabilities

• OS/platform security configuration
• Application security configuration
• Messaging security configuration
• Authentication mechanisms
• Data integrity mechanisms
• User management - authorization and access controls

• Logging/monitoring facilities
• Change tracking and control
• Intrusion detection capabilities – host and network
• Incident response and mitigation capabilities

Our Promise

Capsicum Group provides comprehensive solutions and support to address the security and privacy needs of your organization.