• Define – Define the organization security policy and the implementation of this policy
• Discover – identify all assets in the company
• Analyze – In the analysis phase a comparison of the security policy to how the organization (network, people, etc.) are adhering to this policy is made. The result is a detail list of deltas. In a case of no security policy in place, a WINT ENTERPRISES security consultant will conduct an extensive interview with identified personnel responsible for implementing a security policy and use industry best practice based on company’s profile to determine what is best for the organization.
• Recommend – Working with the needs and problems identified in the analyze phase, our security consultants immediately focus on those that require immediate attention (high risks) and have a significant impact on the organization responsibility. The recommendations are influenced by costs; a company should not have to spend more to secure something than its value, ability to support the solution, what training will be needed for the organization (education) and legal/regulatory requirements for such security.

PRIOR TO START

The following is to be provided prior to the WINT ENTERPRISES consultant being scheduled on site:

• A copy of current corporate security policy, if applicable
• Approximate asset lists (device, applications, sites, people, etc.)
• Any violations or breakdown in security that the company is aware of
• A signed letter of permitting WINT ENTERPRISES security consultants to validate security risks (Get out of jail letter)
• SNMP community strings, IP Address range