Agilient provides organisations guidance on network security. This applies to the security of devices, security of management activities related to networked devices, applications/services and end-users. In addition, the security of the information being transferred across the network is equally important.
Agilient’s services in this area are relevant to organisations that own, operate or use a network on site or in the cloud. This includes support to senior managers and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security, network operation, or who are responsible for an organisation’s overall security program and security policy development.
Agilient’s services are also relevant to anyone involved in the planning, design and implementation of the architectural aspects of network security.
Agilient offers a range of services associated with with this area. Our assignments in this area usually involve an initial gap assessment against best practice and peer organisations. Because Agilient works with a wide array of organisations in improving their network security processes, we have a large database of peer organisations to draw upon.
Once the gap assessment is complete we draw up a plan to help organisations transition to a more robust and efficient approach to network security.
Agilient’s Network Security services include:
- providing guidance on how to identify and analyse network security risks and the definition of network security requirements based on that analysis;
- suggesting controls that support network technical security architectures and related technical controls, as well as those non-technical controls and technical controls that are applicable not just to networks;
- recommendations on how to achieve good quality network technical security architectures, and the risk, design and control aspects associated with typical network scenarios and network “technology” areas, and address the issues associated with implementing and operating network security controls, and the on-going monitoring and reviewing of their implementation.
In undertaking this work Agilient uses the following standards.
- ISO 31000, Risk management – Principles and guidelines;
- ISO/IEC 27000: Information technology – Security techniques – Information security management systems – Overview and vocabulary;
- ISO/IEC 27001: Information technology – Security techniques – Information security management systems – Requirements;
- ISO/IEC 27002: Information technology – Security techniques – Code of practice for information security controls. The latest version of the code of practice for information security controls;
- ISO/IEC 27003: Information technology – Security techniques – Information security management system implementation guidance;
- ISO/IEC 27004: Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation;
- ISO/IEC 27005: Information technology – Security techniques – Information security risk management;
- ISO/IEC 27017: Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services;
- ISO/IEC 27031: Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity;
- ISO/IEC 27032: Information technology – Security techniques – Guidelines for cybersecurity;
- ISO/IEC 27033-1: Information technology – Security techniques – Network security – Part 1: Overview and concepts;
- ISO/IEC 27033-2: Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security;
- ISO/IEC 27033-3: Information security – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues;
- ISO/IEC 27033-4: Information technology – Security techniques – Network security – Part 4: Securing communications between networks using security gateways;
- ISO/IEC 27033-5: Information technology – Security techniques – Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs);
- ISO/IEC 27034-1: Information technology – Security techniques – Application security – Part 1: Overview and concepts; and
- ISO/IEC 27034-2: Information technology – Security techniques – Application security – Part 2: Organization normative framework for application security.