Network Security Solutions  
Monday May 12, 2008
CISSP & CBCP

Security Services & Pricing

Network Security Solutions™ offers quality services at affordable prices. Nervous about the COST of security services? NSS has fixed fees for every service to take the guesswork out of your budgeting process. Here are some examples:

Service Price
Threat and Vulnerability Assessment (TVA) $18,000.00*

Modern technology is enabling business communication in ways never before imagined. But with the advances come new and potentially devastating threats, both internal and external. Many organizations make the mistake of concentrating on technical areas before examining the foundations of their information security program. NSS’s security professionals will take the “big picture” approach by evaluating ten critical areas of your organization. We will help you find practical ways to enable your business and secure your information systems. In a TVA, NSS professionals will examine:

  1. Procedural Security – information security charter, policies and procedures, organization, roles & responsibilities, auditing, awareness, IT change controls
  2. Personnel Security – background checks, non-disclosure agreements, training, professional development, terminations & transfers, contracts
  3. Disaster Recovery/Business Resumption Planning – Fault tolerance/redundancy, data backup, recovery/continuity planning
  4. Physical Security – facilities access control, security cameras, location and marking of facilities
  5. Environmental Security – disaster/interruption avoidance, safety, air conditioning and temperature controls, electrical power and utilities
  6. Media Security – protection of all forms of physical storage media including paper documents
  7. Hardware Security – hardware maintenance and change controls, anti-theft, anti-tampering
  8. Software Security – software maintenance and change controls, software integrity, software copyright/licensing compliance, privileged program controls, anti-virus and related malicious software safeguards, database security, security design on new systems
  9. Network Security – network device security, communications security, network access controls, Internet/Web security, intrusion detection, vulnerability testing, PBX/voice system security, network change controls, firewalls & proxy servers, dialup access security, encryption, e-mail security, wireless controls
  10. Host (System) Security – multi-user and single-user (workstation) computer operating system access controls including: user authentication, data access authorization, audit logs; application security

*The cost of this service assumes the following:

  1. Two NSS consultants on site at your location for three days.
  2. One physical location.
  3. Up to thirty interviews.

This service does not include:

  1. Reasonable travel expenses.
  2. A technical evaluation using tools such as ISS or Retina, although those services are a natural next step and are also available.

Data Center Contingency Planning (DCCP) $24,000.00§

Most understand the need to protect cars, homes, and jewelry against the unknown. But many corporate leaders don't protect their most important asset: their business. Could you survive without your mainframe, minicomputer or servers for a day, or for weeks, if a building fire keeps you out? NSS's experts have provided contingency plans for some of the country's most recognized and prestigious organizations. Our DCCP service will provide you with a proven plan to prepare and react in a timely manner. Our basic DCCP service will cover the following areas:

PHASE I – Continuity Assessment

  1. Project Initiation Meeting
    1. Participate in advance work with client Project Coordinator.
    2. Conduct Project Initiation Meeting to review project methodology, scope of work, objectives, work plan and proposed deliverables.
  2. Data Collection
    1. Conduct on-site interviews with the Organization to identify critical functions, applications, systems, etc.
    2. Review all pertinent documentation.
  3. Perform Business Impact Analysis
    1. Establish Maximum Acceptable Delay (MAD) times for each of the identified business functions and supporting IT resources.
    2. Determine status of related emergency programs.
  4. Prepare the Business Impact Analysis Report
    1. Prepare the Recovery Strategy Report and deliver it to the Organization’s management.
  5. Present Briefing to the Organization Management.
    1. Prepare and deliver management briefing to review all project findings and recommendations.

PHASE II – Recovery Strategy Assessment

  1. Determine Business Resource Requirements.
    1. Through data collected during the Phase I on-site interviews, determine IT and non-IT resources needed to support the identified business functions.
  2. Define Command Center Concept.
    1. Establish central coordination and control point to be used during the implementation of recovery and restoration operations.
    2. Prepare and deliver Command Center Concept Paper.
  3. Define Support Organizations.
    1. Begin compiling all requisite internal and external vendor organizations that will be employed during a declared disaster.
  4. Prepare Recovery Strategy Report.
    1. Prepare the Recovery Strategy Report and deliver to the Organization’s management.
  5. Present Briefing to Organization’s Management.
    1. Prepare and deliver management briefing to review report findings and recommendations.

PHASE III – Plan Development

  1. Develop all Requisite Recovery Plans
    1. Data Center Plan Overview
    2. Develop Team Action Plans
    3. Develop Executive Emergency Response Plan
  2. Compile and deliver all Recovery Plans
    1. Deliver all Recovery Plans to the Organization’s Management
    2. Client Review

§The cost of this service assumes the following:

  1. Two NSS consultants on site at your location for three days.
  2. One physical location.
  3. Up to thirty interviews.

This service is designed to develop a data center continuity plan. It does not include:

  1. Business continuity plans for all business units in the organization, although those services are a natural next step and are also available, or
  2. Reasonable travel expenses.

Information Security Policy and Procedure Development $22,000.00§§

Information Security Policies and Procedures are the foundation of any information security program. Policies establish acceptable behavior. They establish due care and reduce culpability for most organizations. For legal safeguards and practical daily business they are a “must have”. NSS professionals can examine your current policies and update or create new policies and procedures as necessary. We suggest our clients create a Security Policies and Procedures Manual (SPPM). Our Policy development service includes helping our clients create effective Policies and Procedures in the following steps:

Task 1: Gap Analysis of the Organization’s current policies. This task will include a review of the Organization’s current policies and procedures, both written and informal. These policies and procedures will be compared to the best practices in the Organization’s industry (e.g., financial, service, medical, government).

Task 2: Produce the SPPM. This task will produce policies and procedures for the Organization that will satisfy its industry’s requirements. A typical SPPM developed by NSS includes dozens of practical policies and procedures. The following table of contents lists the general topical areas:


1 INTRODUCTION
1.1 General
1.2 Objective
1.3 Scope
1.4 Applicability
1.5 SPPM Organization and Content
2 SECURITY ORGANIZATION
2.1 IT Mission
2.2 Roles and Responsibilities
2.2.1 Data Owners
2.2.2 Director of Information Technology
2.2.3 Security Focal Point (SFP)
2.2.4 System/Network Administrators
2.2.5 Department Managers
2.2.6 Supervisors
2.2.7 Authorized Users
2.2.8 Information Security Management Committee
3 POLICIES AND PROCEDURES
3.1 Subject Area: Logical Security
3.1.1 Software Security
3.1.2 Change Control
3.1.3 Data/Media Security
3.1.4 Telecommunications Security
3.1.5 Workstation Security
3.1.6 System Certification and Server Policy
3.2 Subject Area: Managerial Security
3.2.1 Administrative Security
3.2.2 Procedural Security
3.2.3 Internet and Electronic Mail Acceptable Use
3.3 Subject Area: Physical Security
3.3.1 Physical Access Control
3.4 Subject Area: Contingency Planning
3.4.1 Backup Procedures
3.5 Subject Area: Security Awareness Program
3.5.1 Security Awareness

Task 3: Present Management Highlights of SPPM. This task will include a review of the policy changes.

§§The cost of this service assumes the following:

  1. Two NSS consultants on site at your location for three days.
  2. One physical location.
  3. Up to forty-five interviews.

The price of this service does not include reasonable travel expenses.
