Security Consulting

ETS understands the importance of protecting businesses from the thousands of security threats that networks receive every day. Our objective is to help our clients maximize their technology investments and make information more secure by implementing comprehensive security strategies and operations plans.

A comprehensive security strategy is critical for protecting your data and ensuring continuity of business operations. ETS implements a defense-in-depth strategy by:

  • Assessing your business's security needs
  • Prioritizing areas of risk
  • Evaluating how to protect data from both external and internal threats
  • Developing and implementing policies and procedures
  • Creating an awareness and understanding of the severity of potential attacks
  • Integrating proactive remediation

ETS provides IT organizations with unsurpassed security management by offering solutions that cover every aspect of security. The Security Lifecycle provides comprehensive, repeated coverage of security management.

Security Lifecycle Management is a commitment to ensuring a secure environment through a continual process of assessing, assigning and auditing the security controls in place, with the appropriate characteristics providing validity, credibility, and confidence to the process.

Assess, Assign, Audit...Repeat

Security can be boiled down to these three simple tasks that make up the continual process of making networks secure. To add validity to this process, ETS will help you build in availability, accountability and assurance.

Our Expertise

Wisconsin Physicians Service (WPS) has been certified by the Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP). As part of DITSCAP, WPS undergoes security testing to determine its compliance with the criteria specified in DoD Instruction 8500.1, "Information Assurance" and requisite security requirements.

ETS' knowledgebase and expertise, gained through our DoD security certification and accreditation, set us apart from other security services and consulting providers.

ETS Security Engineers develop technical, organizational, and security awareness components that support a holistic approach to information security management based on industry-standard methodologies, including NSA's InfoSec Assurance Methodology (IAM) and the international standard code of practice for security management (ISO 17799).

Compliance Framework Management

Organizations can expect a steady flow of industry, state, federal and international mandates that codify the way businesses gather, store, manage and report information. IT will play a key role in compliance. Unfortunately, we cannot predict the next big regulation; however, it is necessary to create a compliance management infrastructure and environment that can make future regulations less challenging to follow.

Public companies that adopt a comprehensive, compliance management architecture will spend 50% less per year than those that don't. -Gartner

A compliance strategy can also provide a competitive edge. If your business can respond quickly to new regulations while others in your industry remain stuck in multiple team mode, the advantage goes to you.

ETS will help you define the role that technology plays in compliance.

  • Business process management applications, for both reporting and risk forecasting.
  • Enterprise resource planning, to ensure that controls are in place.
  • Search and retrieval, for information discovery and communications monitoring.
  • Storage (software and hardware), to protect and retain data.
  • Security, to control access, protect data and ensure that systems are auditable.
  • Content management, to control access and handle document compliance efforts.
  • Records management and e-mail archiving, to meet retention regulations.
  • Data and application integration, to make unstructured data usable and ensure the data's reliability.
  • Business process automation, to monitor key processes and define relationships among data.

Information Security Officer Program

The need for a comprehensive information security program stems from many sources that directly affect an organization's overall success. Regulatory mandates from organizations such as HIPAA, GLBA, FFIEC, FDIC, FCA, OCC, OTS, FRB, PCI and the Federal Government have significantly impacted an organization's obligation to protect confidential information in its possession.

In addition to regulatory requirements driving security initiatives, there is a need for organizations to proactively identify and mitigate security risks before they are ever realized. The Internet's communications capacity has provided the medium for security exploits to propagate quickly. With dozens of new security exploits being identified weekly, it is essential that all organizations take a proactive stance on securing their information assets.

An essential part of ETS' defense-in-depth security strategy is to assist businesses in controlling their security plan. ETS created its Information Security Officer Services for businesses that want to bring security controls to their organization without the costs associated with a full-time employee.

Organizations that are looking to augment their security strategy and operations plan can partner with ETS and take advantage of our extensive knowledge and expertise in security standards through our "rent-an-ISO" (ISO) type of service to ensure that controls, policies and procedures are in place.

Many organizations' security issues are the result of incomplete, ineffective, or non-existent security policies and procedures. Your ISO can help you establish and improve the rules or guidelines that govern how information security will be implemented, achieved and administered across your organization.

ISO Support Deliverables

  • Provide security-related vision, leadership, and strategy.
  • Provide support and guidance for a company-wide information and data security system.
  • Assist with developing, implementing and monitoring the long-term information security strategies.
  • Ensure that the organization meets all mandated security standards.
  • Manage the development and implementation of global security policy, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments.
  • Ensure the development, testing and implementation of appropriate security plans, products and control techniques.
  • Oversee the information security processes and policies and ensure high quality deliverables in the areas of administration, monitoring and auditing.
  • Develop and implement a security awareness and training program.

The number of organizations with a CISO and ISO has increased in the last year from 39% to almost 75%.
Source: Accenture Study as outlined in InfoWeek.

Security Policy Development, Awareness & Training

ETS helps organizations develop and implement IT Policies, Standards, and Procedures that are based on Enterprise Architecture (EA) strategies and framework.

The purpose of EA is to provide a comprehensive framework of business principles, best practices, technical standards, and migration and implementation strategies that direct the design, deployment and management of information technology.

It is a known fact that organizations that complete security technology and policy training have a significantly lower percentage of employee-based security breaches. This means more than showing employees videos, handing them a hard copy, or emailing them a policy. Employers should track employees' receipt of policies and training as well as ensure that they have a basic understanding.

ETS provides policy review and development services and incorporates a user review and acceptance training program. Our Security Consultants will develop policies and procedures where needed for each of the following security areas based on the recommendations from a policy review:

  • Physical security
  • Network and host system security
  • Access control
  • Policy compliance, auditing and review
  • Policy deployment to employees
  • Security awareness for users
  • Monitoring of employee activities ("Big Brother")
  • Remote access guidelines and control
  • Authentication
  • System auditing
  • Availability/redundancy
  • Acceptable use
  • Backup procedures and data storage
  • System builds/requirements
  • Incident response/disaster recovery
  • Vendor contract review and security audit requests/review

Security Architecture

ETS works with organizations to define security architectures to provide the framework and foundation that enable secure communications, protect business processes and information resources, and ensure that new methods for delivering service are secure.

We partner with our customers to evaluate their strategic plan and budget, business requirements and regulatory requirements to define an architecture that is going to position them for future business growth while maintaining overall security.

The No. 1 security priority for US companies in 2007 is creating and enhancing user awareness. Employees are the "weak link" in the security chain.
Source: Accenture Study
