FEDERAL SUPPLY SERVICE Federal Network Systems LLC - Verizon
FEDERAL SUPPLY SERVICE Federal Network Systems LLC - Verizon
FEDERAL SUPPLY SERVICE Federal Network Systems LLC - Verizon
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Firewall Assessment. <strong>Verizon</strong> Professional Security Services uses proven automated and manual<br />
processes to review customers’ Internet, Extranet, or Intranet firewall architectures to ensure that<br />
valuable assets are protected from attack. The assessment gathers data on operating system<br />
configurations, firewall administrative access, and firewall rule sets. The data are then compared<br />
against industry best practices, known security vulnerabilities, and compliance with any existing<br />
company security polices. The assessment culminates in a written report with findings and<br />
recommendations.<br />
• Security Policy Reviews. These are high-level assessments of an organization’s current policies,<br />
how they are disseminated to employees, and how they are enforced. The process begins with a<br />
customer interview, which results in an assessment of the current written policy.<br />
Please note that this review does not include the creation or modification of existing security policy, a<br />
service that <strong>Verizon</strong> offers as Security Policy Planning and Development. The final report will make<br />
recommendations about any deficiencies found during the review process.<br />
This review typically covers three major areas:<br />
- Logical Security. Includes system access control (i.e., log-in), password policy, software<br />
configuration and change control, anti-virus protection, acceptable use, data security, privacy, data<br />
availability, and data integrity.<br />
- Managerial Security. Includes security awareness training, personnel security, organizational<br />
structure (division of responsibility), policy enforcement, incident handling procedures, and<br />
separation of duties.<br />
- Physical Security. Includes building access control, restricted access to computer facilities (e.g.,<br />
server rooms), and computer location. Can also cover fire-suppression systems, facility<br />
construction, or air conditioning.<br />
• Security Policy Planning and Development. This service covers all of the basic<br />
analysis of the Security Policy Review (logical, managerial, physical security reviews),<br />
but goes beyond the review stage to provide businesses with a standard "Best Practices"<br />
Security Policy template. The template identifies, recommends, and implements<br />
appropriate security policy and policy-specified safeguards to help protect customers’<br />
information assets. Key components include:<br />
- Assessment of the full range of security policy and planning, including privacy, confidentiality,<br />
administration, Internet access, remote access, incident handling, audit requirements, roles and<br />
responsibilities, training and awareness, etc.<br />
- Draft Security Policy<br />
- Presentation of Draft Policy<br />
- Final Security Policy with high-level implementation plan<br />
• Technology Planning for Security Safeguards. This service helps customers select the<br />
best security solutions for their needs from a broad range of security consulting services.<br />
<strong>Verizon</strong> security consultants provide two (2) days of onsite consulting services to help<br />
customers select, design, and configure a robust security solution. <strong>Verizon</strong> offers<br />
technology planning services for the following security safeguards:<br />
- Firewalls - Two-Factor Authentication<br />
- Intrusion Detection <strong>Systems</strong> - PKI/ LDAP/ X.500<br />
- Virus Protection - Physical Security<br />
- Content Filtering - Biometrics<br />
- URL Filtering - RADIUS Servers<br />
- Encryption<br />
• Customer Training (Awareness, Executive Security, and IT Security). <strong>Verizon</strong> offers<br />
three types of training sessions for customers, which include Awareness Training,<br />
Executive Security Training (different from the pre-sales Executive Security Briefing),<br />
and IT Security Training.