Embed Size (px)
DESCRIPTION
Bolster security with an end-to-end lifecycle approach
Citation preview
HP ENTERPRISE SECURITY CONSULTING SERVICESBolster security with an end-to-end lifecycle approachAt-a-glance
To help our clients achieve cost-effective, efficient, and business-driven information security, HP Enterprise Security Consulting Services are designed around an information security lifecycle. This holistic consulting approach helps ensure that your information security is effective and aligned to your financial and business goals, as well as legal and regulatory requirements.
The information security lifecycleTrue information security in the enterprise demands more than just limiting access, chasing viruses, and erecting firewalls. We prefer to think of security as a comprehensive, end-to-end process, the ATOM security lifecycle. It begins with Assessment of your current state, continues with Transformation of that state, moves to security Optimization, and finally to best practice Management that leads to continual
improvement. Failure to address security in even one stage can ratchet up risk and introduce vulnerabilities, not just in that stage, but throughout all links in the lifecycle chain.
Consulting services for every security lifecycle stageHP Enterprise Security Consulting Services help you to implement and maintain cost-effective and efficient management of risk throughout the ATOM security lifecycle. You simply select one or more of the complementary packages below, and our consultants provide a set of clearly defined consulting services that together cover every stage of the security lifecycle. HP Enterprise Security Consulting Services add up to an integrated and holistic security offering that delivers complete, consistent information security for the global enterprise, as well as an environment of continuous security improvement. •Security Risk and Control Assessment: Delivered
by our experienced consultants, this assessment can include an interactive security discovery workshop as well as evaluation of both strategic and business risks. This consulting service enables a comprehensive risk management plan—a roadmap that forms the foundation for security improvements throughout your organization.
•Security Architecture and Technology Integration: With an understanding of risk and a roadmap for improvement in place, the next step is to design your security architecture and infrastructure, and to integrate essential security technologies. Security Architecture and Technology Integration includes design/build services that result in a fully functioning cybersecurity implementation. It also offers a complete list of services devoted to security incident and event management (SIEM), as well as services for identity and access management, data protection, and privacy. Together these consulting services help you design and implement a full-featured risk management system that meets the security needs of your enterprise.
Asse
ss
TransformOptim
ize
Optimize
Opt
imiz
e
Manage
Risk managementsystems
Risk managementdata
Proactively managedrisks
Risk managementplan
Analyzed riskmanagement reports
1. Security Risk and Control Assessment
Managed governanceand compliance
Manage
2. Security Architecture and Technology Integration
3. Threat and Vulnerability Management
5. Security Metrics and Reporting
4. Digital Investigation Services
6. Security Governance and Compliance
Consulting services in the ATOM security lifecycle
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
4AA3-9669ENW, Created February 2012
Share with colleagues
•Threat and Vulnerability Management: Once you have a securely designed infrastructure and appropriate technology in place, HP services can help you proactively manage risk. Using tools from HP and other vendors, consultants analyze internal and external threats, using a risk-based approach to proactive management. Penetration testing helps identify any network vulnerabilities and prioritize them in terms of severity and risk. In addition, our consultants can eliminate vulnerabilities by deleting data from storage devices, or even physically destroying those devices.
•Digital Investigation Services: The next vital element of risk management in the lifecycle is the collection of risk management data, via services for response and investigation discovery. When an actual or potential incident occurs, a Security Incident Response Team (SIRT) helps you rapidly implement countermeasures to deal with it, while digital/computer investigation services help investigate inappropriate or illegal activity and can collect and present evidence for legal purposes. We also provide e-Disclosure/e-Discovery services that can recover lost data from most types of media, including RAID devices, hard disk drives, or solid-state media.
•Security Metrics and Reporting: In addition to risk management, we offer services to help you capture metrics about your risk response, and we use predictive analysis and appropriate monitoring to help ensure your responses to threats are continually improving. An iterative security workshop captures your organization’s metrics; that data is then fed to a sophisticated modeling process designed by HP Labs to produce customized predictive scenarios. These services can produce a risk management report and analysis and help you make cost-effective strategic decisions about future risk management.
•Security Governance and Compliance: Our governance and compliance services help ensure managed governance and compliance throughout the entire security lifecycle. You can, for example, engage a senior HP security consultant who, acting as Client Security Officer (CSO), shares industry
best practices and helps solve both technological and business-related information security issues. Another service is compliance management, in which HP security consultants work with your teams to assure end-to-end adherence to your security strategy, policies, and operations. These services also can address specific issues, such as meeting the ISO 27001 standard for information security management systems, or complying with the Payment Card Industry (PCI) Data Security Standards (DSS 2.0). In addition, government-accredited consultants are at your command for authoritative advice and guidance on security risk management, and to help you make management decisions in accordance with official policy.
Why HP for enterprise security consultingEngaging a security consultant does not change the fact that information security risk management is still your responsibility. However, HP Enterprise Security Consulting Services are designed to help you transform your information security risk management from circumstances where you rely on tactical, technological infrastructure fixes to a stable environment where you are in full control of the risk to information and data. To get you to that safe, stable state, we arm you with unparalleled security knowledge and skills, and provide you with full assurance of the confidentiality, integrity, and availability of your business-critical information assets.
We are uniquely able to offer a comprehensive, holistic, and business-based approach to information risk management throughout the security lifecycle, and to offer that approach on a worldwide scale. Moreover, with HP you are assured of unrivalled access to technology, a thorough understanding of best practice standards, and the leadership that comes with HP’s cutting-edge research and development.
For more informationwww.hp.com/enterprise/security
