Security – ISG offers Security Assessments to determine if your assets are being protected and the demands are being addressed.
External Vulnerability Assessment
Internal Vulnerability Assessment
Penetration Testing
System Activity Review
Wireless Security Survey
War Dialing
Intrusion Detection Assessment
Business Impact Assessment
Social Engineering
Risk Analysis
External Vulnerability Assessment - ISG offers external vulnerability assessments that are designed to look at the environment from the public's view; in other words, from the outside looking in. This is one of the first lines of defense for security on most networks. During this assessment we will identify vulnerabilities within systems that may allow us access to the private parts of your network, allow us to perform a denial of service on your network, and may allow us to obtain information from your private network that should not be available on the outside of your unprotected network. If vulnerabilities are identified from the external view of your network, you may then choose to initiate a penetration test (below).
This service is typically performed remotely and does not require an on site visit in most cases.
The goal of the assessment is to deliver a final report that will allow the organization to mitigate vulnerabilities and to develop a project plan and attack strategy on how to move ahead with the remediation of their external facing environment.
Internal Vulnerability Assessment - ISG offers internal vulnerability assessments that are designed to look at the environment from the inside; in other words, from the inside looking around. This type of assessment looks at the systems that make up most of what the users see while they are interacting with the internal system. During this assessment we will identify vulnerabilities with systems that may allow us access to the private parts of your network, allow us to perform a denial of service on your network, and may allow us to obtain information from your network that should not be available to everyone on the LAN. We will also verify password complexities and review a sample number of servers and workstations to determine what may need to be done to enhance the organization's security posture. We will assess virus protection and patch management during this engagement.
This service is done on site and does require interaction from the IT staff members and may require limited input from end users.
The goal of the assessment is to deliver a final report that will allow the organization to mitigate vulnerabilities and to develop a project plan and attack strategy on how to move ahead with the remediation of their external facing environment.
Penetration Testing - ISG offers penetration testing for those customers that want to determine if we can actually get information from their private network. This is commonly referred to as ethical hacking. During this process we use the same tools and methods that hackers would use to gain control of or access to systems and information that are to be protected. This type of testing is performed with caution, as it may cause disruption of services for the network users. During this process we will also try to avoid being detected by Intrusion Detection Systems (IDS).
This service is typically performed remotely and usually occurs after an External Vulnerability Assessment (above).
The goal of this testing is to determine the potential risk associated with the vulnerabilities identified from the activities above. After verification of the information from the testing, we would then recommend a mitigation plan to secure the data and network to prevent the information from being accessed, and report on what was accessed by reviewing logs from the IDS or other systems.
Optional Service: IDS avoidance is the practice of spreading out the attack over a longer period of time to see if we can gain access or penetrate the network, fooling the IDS so it does not report on those activities. Please note that IDS avoidance will substantially lengthen the time to complete the project; however, if someone were trying to break in, it is what they would do.
System Activity Review - ISG has developed an offering that will review the audit trail that may or may not exist in the organization. Having an appropriate audit trail can help defend and protect the organization by allowing the appropriate staff to understand not only who but how and when things occurred. This can become invaluable information for writing policy and for allowing a defensible position if needed. This is also something that is required under most compliance rules such as HIPAA, Sarbanes-Oxley and GLBA.
This service is typically done with a combination of on and off site work. Penetration testing and Vulnerability assessments are generally combined with this in order to validate the audit trails.
The goal of this review is to develop a logging and audit trail that will allow the organization to review, debrief and, if needed, defend their private information.
Wireless Security Survey - ISG offers wireless security surveys that can be added on to all of the services performed above. This can be done as an à la carte service as needed. This type of survey looks at the ability of people to access internal systems through the use of wireless networks. It is also designed to look for rogue access points that are not authorized in the environment.
This service is done on site and does require interaction from the IT staff members and may require limited input from end users.
The goal of the assessment is to deliver a final report that will allow the organization to mitigate vulnerabilities associated with having wireless networks in their environment.
War Dialing - ISG offers war dialing that can be added on to all of the services performed above. This can be done as an à la carte service as needed. This type of assessment looks at the ability of people to access internal systems through the use of modems and other telephone-connected devices through the standard public switched telephone network (PSTN). It is also designed to look for rogue modems that are not authorized in the environment.
This service is done on site and does require interaction from the IT staff members and may require limited input from end users.
The goal of the assessment is to deliver a final report that will allow the organization to mitigate vulnerabilities associated with having Dial-Up capabilities in their environment.
Intrusion Detection Assessment - ISG offers IDS assessment that can be added on to all of the services performed above. This can be done as an à la carte service as needed and is included with the penetration testing above. This type of assessment looks at the ability of the IDS equipment to report on our attempts to access the network and data while we are not authorized.
This service is done on site and off site depending on the design of the network and does require interaction from the IT staff members in some cases.
The goal of the assessment is to deliver a final report that will allow the organization to tune, enhance or deploy IDS in their environment.
Business Impact Assessment - A Business Impact Assessment (BIA) plays a vital role in the business continuity planning process, ensuring that senior management allocates resources in the most cost-effective way to balance operational continuity with business needs. The BIA process must link interruptions of operations with business needs; otherwise the assessment may lead to too much or too little business continuity. BIA methodologies should not only provide a technical assessment of business impacts but also a business justification for disaster recovery and business continuity plans.
This assessment does require interaction from a wide variety of resources at the location and will require both on and off site work.
The goal of this assessment is to help an organization understand their critical business systems and develop a business continuity and/or disaster recovery plan that is customized for the organization.
Social Engineering – In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a "con game". For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.
This process is conducted both on site and off site and may utilize many other methods of intrusion.
The goal of social engineering is to identify weaknesses in Policy, Procedure and training from the human perspective as it relates to information security.
Risk Analysis – Risk analysis plays a role in corporate governance and performance, ensuring that senior management allocates resources in the most cost-effective way to balance information security with business needs. The risk analysis process must link security exposures and business needs; otherwise risk analysis may lead to too much or too little information security.
The risk analysis process varies according to an organization’s particular needs and skills, as well as the particular risk analysis tools deployed. Fundamentally, the risk analysis process must answer these questions:
What can go wrong?
What is the probability that what can go wrong will go wrong?
What are the consequences?
Real-world risk analysis goes beyond the answers to these questions.
Risk analysis identifies and evaluates business processes and supporting information systems, potential system vulnerabilities and threats, calculated risks and the effectiveness of possible controls. Once these steps are completed, the process should be repeated on a regular basis to ensure that the decisions made and controls implemented continuously reduce risk while effectively meeting business needs and goals.
Risk Analysis typically contains most if not all of the processes previously discussed and is generally customized to the environment and the compliance issues faced by the organization, including HIPAA, SOX, GLBA and FISMA.
This process is conducted both on and off site, and the overall process varies depending on the compliance requirements and the organization the work is being done for.
The goal of a Risk analysis is to not only provide a technical assessment of vulnerabilities but also a business justification and prioritization for implementing security controls.
Phone Support – ISG offers 9x5 and 24x7 phone support.
LAN Assessment – We offer performance and capacity planning. We have highly skilled engineers who can analyze and resolve problems, determine your IT infrastructure demands and provide you a written report of where you are today and what you should focus on strategically, with the proper initiatives, before problems occur. We provide a value-based assessment beyond your expectations. ISG will uncover degradation, vulnerabilities, anomalies and other possible network failures to realize great efficiencies for peak system performance.
WAN Assessment – We can provide you visibility of your inbound and outbound link, what applications are running well, and what applications are causing problems, with the back-up data and response time measurements for proof. We can provide a written analysis to help you monitor your current performance and discuss alternatives to reach the performance levels you are looking to obtain.
Design Services: ISG works with networks every day. We understand your business and the objectives you need to achieve and how technology can allow you to meet those objectives. We have excellent resources and have helped to build some of the largest mission-critical networks in Chicago that are in production today. We have assisted several companies in redesigning internal networks, which has increased performance and saved time and money.
Consulting/Outsourcing: ISG has the capability to provide technical experience quickly and efficiently. As a partner ISG will learn about your business. ISG has helped senior executives make rapid, accurate decisions and provided complementary resources to their existing staff on a variety of options: build-outs, upgrades, migrations, IP telephony preparation, project management, wireless, and security.
Managed Services: ISG managed services perform as a virtual IT department without the overhead but with the reliability you can trust. Our offerings of service and support allow you to maximize your network uptime, keep ahead of changes, and remain profitable. Because ISG takes a proactive approach, you may never know an issue exists until we provide you a report. Speak to us about our monitoring capabilities and offerings.
Integration Services: ISG consults on this process every day. Organizations are challenged every day with a variety of network issues that can have dramatic effects on their existence. Businesses need to add complementary resources in order to stay on top of the constant changes in our industry. ISG has highly trained engineers who can address numerous network issues.