Security Policy Consulting & Modeling

The purpose of the initial consulting phase is always to arrive at a comprehensive and robust security solution that you can enforce.

Delivering Policy Enforcement

AbeoTS's goal is to deliver to each client the capability to enforce their security policy. In the real world, this simple aim is commonly deemed impracticable, due to operational complexities, personnel shortcomings or excessive costs.

"We believe that every domain can be secured, and every policy is enforceable."

The first crucial step in delivering this as a reality is to define precisely the overall Concept of Operations

The modeling phase is where AbeoTS's experience in this domain makes the greatest impact, and where our consultants are highly experienced in.

The analysis & modeling phase addresses the 3 major steps a security model requires:

• Policy: Work with your security policy manual and key stakeholders and focus threats and priorities; i.e. Who's authorized to be where, when?
• Concept of Operations: How do you intend to enforce the policy?
• Response: When a violation is detected, how do you intend to react to it?

The outputs are modeled into a set of scenarios that will be automated by the  AWARE rules engine to generate work flow.

Policy

In the Policy step, our consultants will work with you to review your existing security policy manual and key stakeholders and focus on a policy for security going forward.

Simply, we'll ask the question, "Who or what is authorized to be where, when?" and model the actual requirements into a coherent policy.

Operations

From the basic scenarios, we will go on to ask how you intend to enforce the policy, looking at what resources are available, including any legacy systems, and what environmental factors may be at play.

Response

In order to enforce when a particular event happens, what individual, organization or system should be notified? If they aren't available or responsive, what is the escalation process? How are alarms evaluated forensically?

A Workable Security Model

Once we have collaboratively addressed all these questions and generated workable solutions that fit together in a coherent model, we will have a solid picture of the technical solution required.