The AT&T Consulting Security Practice provides complementary services to our Security and Business Continuity portfolio. More information on Managed Security Services can be found here.
AT&T Consulting offers an advisory service to assist with the development of comprehensive and informative security strategies that are effective and manageable, seeking maximum return on your security investments. Our consultants will develop a comprehensive information security framework that addresses your organization’s requirements for information protection, incident prevention, and detection and response, consistent with industry best practices. Our consultants will establish a plan that addresses risk monitoring and mitigation requirements, as well as emerging technologies such as mobile and cloud computing. A customized roadmap will be developed with detailed project plans, identified owners, timelines and resource allocation for the effective implementation of the security strategies.
The AT&T Consulting Governance, Risk and Compliance offer provides end-to-end consulting and advisory services for information security, governance, risk management, compliance and implementation. A key foundation for information protection and risk management is having a set of clear security policies. These need to be easily understood, up-to-date, fully implemented, complied with and consistently enforced. Our consultants can help you develop, update and/or validate security policies – especially those required for compliance such as: Enterprise Risk Assessments, FTC Mandated Assessments, Regulatory and Industry Standards-based Assessments, ISO 27001/2 Assessments and Certification and AT&T SureSealSMSecurityCertified Program.
AT&T Consulting is a Payment Card Industry (PCI) Qualified Security Assessor (QSA), a Payment Application Qualified Security Assessor (PA-QSA), and a Qualified Incident Response Assessor (QIRA). We work closely with you to gain a strong understanding of your business model and the critical supporting components and systems. This allows us to not only perform assessments, but also to provide strong strategic and tactical advice in the event that a PCI objective or control is not met or you experience a data breach. This offer includes program management, PCI health checks, readiness assessment, incident response and forensics, trusted advisor subject matter expert guidance and annual PCI compliance assessments.
When networks grow organically, or by merger and acquisition, they often end up performing sub-optimally. The same is true for security devices, for example, firewalls with thousands of rules. There may also be various programs and requirements that drive architecture changes such as the push towards de-perimeterization and network segmentation. Our skilled and certified security consultants have considerable experience in the areas of network consolidation and the analysis of data and packet flow. AT&T Consulting knows how to segment networks and then tune the security devices to improve performance and minimize impact. We have experience with data leakage and data loss prevention tools, as well as security event management devices and other state-of-the-art products. Our consultants can collaborate with you to develop a cohesive security architecture, which can be deployed and integrated in an adaptive and iterative lifecycle manner.
The Vulnerability and Threat Management offer provides an independent baseline and validation of the organization’s security posture. AT&T Consulting offers a comprehensive and world-class suite of vulnerability assessment and penetration testing services. AT&T Consulting can simulate real-world attacks to identify vulnerabilities in the network, evaluate risks, and develop remediation plans that are tailored to unique business requirements and security needs. When an effective program of risk management is implemented and operated in close alignment with business goals, there are returns beyond simple cost reduction. Studies show that firms with superior IT governance have higher profits than those with similar strategic objectives but which lack such governance.
The Application Security Services portfolio consists of tactical and strategic services to help organizations assess, manage, and reduce security risks arising from unsafe software development practices. AT&T Consulting offers four categories of application security services. Application Security Assessment offers automated and manual testing designed to circumvent the logic of the application in order to gain elevated access to systems or information. Application Security Program Management provides an application inventory, identification and assignment of risk classification, development of testing plans, and management and execution of the program. The third service, Security Code Review, examines all codes to identify potential weakness and vulnerabilities that could put the application and sensitive data at risk of disclosure or loss. Finally, we offer PCI PA-QSA Application Security Assessment. Visa and MasterCard encourage application development companies to certify payment applications in accordance with the PCI Payment Applications Best Practices program. Applications that meet these standards can be listed on the Visa/MasterCard web sites as PCI approved payment applications