Citadel Information Group


Security Management of the IT Network / Infrastructure

Overview

Citadel supports our clients by working collaboratively with in-house or outsourced IT to ensure that the IT network is managed in accordance with sound information security practices and procedures, such as the ISO 27000 family, the National Institute of Standards Information Security Management Framework, the Center for Internet Security’s 20 controls, the Payment Card Industry’s Data Security Standard, as well as HIPAA HITECH, GLB and other applicable Federal and State laws and regulations.

IT Network / Infrastructure Security: What We Cover

  1. Design and Build a Secure IT Infrastructure
    1. Secure system architecture
    2. Secure device configuration
    3. Endpoint protection
    4. Logging and review
    5. Network Intrusion Protection / Detection; SIEM
    6. Mobile device management
    7. Cloud security management
    8. Application security, including websites & applications containing sensitive information
  2. Maintain a Secure IT Infrastructure
    1. Vendor management
    2. Vulnerability and patch management
    3. Ongoing system maintenance
    4. Change control
    5. Additional security management
  3. System Access Management
    1. Account management
    2. Access control to the corporate network
    3. Remote access control
    4. Administrative access control
  4. Secure Input / Output
    1. Email security
    2. Spam management
    3. Digital loss prevention
  5. Back Up, Information Continuity, Incident Response and Internal Investigations
    1. Backup and recovery
    2. Information Continuity
    3. Incident response and investigation
  6. Other Standards
    1. Encryption
    2. IT infrastructure documentation
    3. Other infrastructure standards
    4. Information security training and education of IT staff

IT Security Management Assessment

Citadel’s IT Security Management Assessment is designed to:

  1. Identify and document risk-based information security management weaknesses in the management of the IT network
  2. Identify and document current security vulnerabilities in client’s IT network, prioritized by the criticality of vulnerabilities
  3. Provide the client with prioritized specific IT security management recommendations for improving the security of client’s information
  4. Support aligning IT management with the organization’s information security needs

Network Security Management Review: Citadel meets with IT management to:

  1. Identify and document IT management’s general information security management practices
  2. Document any gaps between IT management’s information security management practices and the standards in our Information Security Policies and Standards
  3. Support evolution of an information security culture in IT based on formal information security management standards

Point-in-Time Security Internal and External Vulnerability Review of the IT Network Infrastructure: Citadel conducts a vulnerability scan of the client’s internal IT network. We also conduct an external vulnerability scan of the client’s external IP addresses. [1]

Review Findings & Recommendations with Executive and IT Management: Citadel meets with senior executives and, at management’s discretion, IT management to review the results of our security management review and vulnerability review of the IT network, including prioritized recommendations for improvement.

Background Information & Additional Resources

SecureTheVillage: Managing Security of the IT Infrastructure

 

[1] Citadel uses the Nessus Vulnerability Scanner by Tenable for our vulnerability scanning. The Nessus scanner is designed to assess against the entire national vulnerability database known as the Common Vulnerabilities and Exposures (CVE) maintained by the MITRE Corporation, a Federally Chartered R&D Center. In addition, the Nessus Scanner includes plug-ins for several other information security management technical standards such as the Center for Internet Security’s 20 controls and the Payment Card Industry’s Data Security Standard.

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy