Security built-in, not bolted-on.

Security Engineering

The appropriate amount of security necessary for a system is relative to the enumerated security requirements and the degree of accepted risk. A system should adequately provide for the confidentiality, integrity, and availability of the information processed, transmitted, and stored. We can help your organization build systems to meet established security requirements and accepted security principles.

Requirements identification and analysis is one of the most important aspects in the lifecycle development process for a system. An incomplete identification of requirements can negatively impact the security services of a system as well as increase future costs. Obtaining a comprehensive analysis of requirements prior to architecting system components is an essential element of project management. We pride ourselves on being methodical and resolute in excavating security requirements from organizational requirements and operational needs.

One often overlooked aspect of a security control is the depth and breadth of the implementation. Simply instituting a control that meets the letter or spirit of a security requirement might not be sufficient to mitigate known risk. We have observed this activity in various organizations that attempt to mitigate non-compliant systems with a shoestring control. Oftentimes this only provides a modicum of security to satisfy the compliance issue. However, an in-depth analysis reveals risk that is not addressed or the continuance of an exposure. It is critical for the security engineer to identify and articulate potential gaps in existing controls or proposed solutions in order for stakeholders to make informed, risk-based decisions for protecting the system and its information.

The design of a security control is predicated on requirements and risk. This is essentially a balancing act between controls, threats, vulnerabilities, and resources. The security engineer must be able to propose a workable solution which encompasses these aspects. This involves an understanding of technology, people, and business processes. A security engineer must have the necessary creativity and skill sets to be able to identify a control that meets the need of the organization. We understand that the right solution requires an open mind, negotiation, and a willingness to explore unconventional alternatives.

Proposing and implementing security controls is one aspect of the security engineering process; it is quite another to document the planned and actual implementation. We believe that a solution is not complete without thorough documentation of the planned or actual solution. Proper documentation is an important part of the system lifecycle process. A poorly documented system might incur future costs due to rework or re-engineering of system aspects that are not well understood.

Sentinel Consulting has years of experience identifying innovative security solutions for a variety of challenges. Our goal is to identify cost-effective measures that meet your needs and requirements.

© 2007 Sentinel Consulting.