
Security

10/01/09 News: AT&T today announced the acquisition of VeriSign’s global security consulting business in a transaction that closed today.

Security Strategy & Roadmap

Security is not a product -- it is the ever-evolving integration and improvement of solutions and processes based upon industry standards, proven methodologies, and best practices. A clear understanding of risk -- and how to manage it -- is central to an effective security strategy. For this reason, our Strategy and Roadmap services provide the foundation for all of our security offerings. We use the ITIL (itSMF) framework together with a custom blend of NIST, COBIT, and IEC 27001, which are applied in a fit-for-purpose fashion to your unique environment. In addition to managing risk more effectively, enterprises that adopt this type of strategic approach can also reduce the overall costs of compliance and audit by identifying shared requirements that are both compliance-driven and aligned with existing corporate goals and objectives. AT&T Consulting first reviews the current risk, compliance and security landscape to define the legal and regulatory goals, as well as existing policies, procedures and technology for timeliness and support of business need. The roadmap lays out the path from current state to desired end state, defining early-draft budgeting and timelines, and helping you chart a course to effectively balance risk, costs, and business benefits.

Payment Card Industry Solutions

AT&T Consulting is a Payment Card Industry (PCI) Qualified Security Assessor (QSA), as well as a Payment Application Qualified Security Assessor (PA-QSA). This enables us to offer a unique and comprehensive range of PCI assessment and other compliance solutions that objectively match each requirement to the optimal solution for your organization.

Trusted Security Advisor

Our Trusted Security Advisor offering provides subject matter expertise to lead projects or augment your existing teams. Here AT&T Consulting focuses on project execution of the enterprise security framework goals, at any stage of the project life cycle. The real work comes once a framework is defined: how to meld that framework with business needs and IT priorities. With this service, AT&T Consulting provides an implant -- someone with extensive practical experience -- who can be on site to help with the process of moving to compliance within the new framework. Our roles can span from hands-on expertise in deployment, implementation and management, through interim Chief Security Officer (CSO) support. In all cases, we provide just-in-time expertise that might otherwise take too long or cost too much to acquire through normal human resourcing approaches. This provides our clients with the flexibility to augment their organization through peak project periods or strategic transitions.

Security Policy Management

A key foundation for information protection or risk management is having a set of clear security policies. These need to be easily understood, up-to-date, fully implemented, actively complied with, flexible, and enthusiastically enforced. AT&T Consulting Security Policy Management addresses the life cycle of policy requirements. We can help you develop, update and/or validate security policies -- especially those required for compliance -- for proper alignment with business needs and IT capabilities. We can craft configuration standards, procedures, and guidelines and identify solutions to codify into a policy-based management infrastructure.

Secure Network Integration

When networks grow organically, or by merger and acquisition, they often end up performing sub-optimally. The same is true of security devices (firewalls with thousands of rules, for example). There may also be regulatory requirements that drive architecture changes (the push to de-perimeterization and network segmentation). Our skilled and certified security consultants have unmatched experience in the areas of network consolidation and the analysis of data and packet flow. AT&T Consulting knows how to segment networks and then tune the security devices for optimal performance, minimal impact and maximum security. We have experience with data leakage and data loss prevention tools, as well as security event management devices and other state-of-the-art products. Our consultants can collaborate with you to develop a cohesive security architecture, which can be deployed and integrated through an adaptive, iterative lifecycle.

Vulnerability Assessment / Penetration Testing

When it comes to the law, compromise is not an option. There are new laws and regulations either already in place or coming soon that could make the protection of Personally Identifiable Information (PII) mandatory. Almost all of these require a structured information security program, with risk assessments being one key component. AT&T Consulting offers a comprehensive and world-class suite of assessment services, from penetration testing to source code analysis, to establish your baseline and define a remediation framework that is compliant with internationally recognized standards. When an effective program of risk management is implemented and operated in close alignment with business goals, there are financial gains beyond simple TCO reduction. Studies show that firms with superior IT governance have higher profits than those with similar strategic objectives but who lack such governance.

Application Security

The AT&T Consulting Application Security offerings provide assessment of an application through its lifecycle to identify any flaws in the design, development, deployment, and maintenance phases, including payment application best practice certification. AT&T Consulting offers four categories of application security assessments. The foundational offer is an Application Security Assessment, a combination of technical application penetration testing and an application design review. The next offering, a Code Review, examines all code to identify potential weaknesses and vulnerabilities that could put the application and sensitive data at risk of disclosure or loss. AT&T Consulting also offers Secure Application Design and Coding Training, which provides a foundation for operating an in-house program designed to identify and track software development defects back to the source. Finally, for those customers who require it, AT&T Consulting offers Application Certification. Here, a certified code assessor reviews the development and other support processes behind the application to ensure the product is not only secure today, but will remain so over time. AT&T Consulting has formalized this process in a Security Certification program that can certify applications against the PA-DSS, the SANS Top 25, the OWASP Top Ten, or even the ISO 27001/27002 when a client wants to demonstrate the integrity of a product or application development process. AT&T Consulting can also provide certification under the Payment Card Industry Data Security Standard, among other certification services.