Infrastructure Security Review
	The need to manage the server environment professionally and securely becomes ever more compelling. Every year the global IT environment becomes more hostile with viruses, trojans and other malware becoming more sophisticated and destructive. Meanwhile, in response to a number of corporate accounting scandals, including Enron and WorldCom, the US Federal Government passed The Sarbanes Oxley Act in 2002. It establishes new much more demanding standards for all U.S. companies. Because most companies’ financial reporting & controls are enshrined within IT systems, the implications for the IT function are significant. While SOx is not yet a requirement for UK companies, it has highlighted the need for effective processes and controls. Infrasys have developed processes and software to review and improve the security of IT infrastructure, making it comply with 'best practice' processes and protecting it from malicious attack.
	The Problem The majority of systems in use in companies today were developed before these new standards were laid down. The challenge for the IT function is to identify and rectify non-compliances rapidly and cost-effectively. On the one hand servers must be configured in such a way that all known weaknesses in the operating system are addressed, on the other effective processes and controls must be in place to ensure that the environment is robustly managed. These include change management, source code & document version control, software development standards, security policies and processes, incident management, technical support policies, hardware & software configuration, installation, testing, and management standards, disaster recovery & backup and restore procedures. The challenge for the in-house team is to keep abreast of this rapidly changing compliance framework whilst simultaneously fighting off external attack.
	Service Scope The Infrasys Server Environment Security solution focuses on compliance of the IT Infrastructure. It comprises a methodology to validate security process and controls and uses a combination of audit review processes, checklists and software based automated audit tools. The first part of the solution is three day fixed-price security review. This diagnostic process allows for a sample-based review of the environment during which non-compliances are identified and the nature and scale of any problems defined. Based on this diagnostic survey, a proposal is developed for the second stage. This will include any further diagnostic work required and the rectification of issues which have been identified. The rectification work can be undertaken by Infrasys or by the client’s in-house team.
	Benefits A rapid assessment of the scale and nature of security compliance issues, undertaken by experts, ensures that in-house teams are not distracted by trying to get to grips with a topic of which they have limited experience or knowledge. By working with Infrasys, the in-house team will learn at first hand what the issues are and how to address them.
	Why Infrasys This is a rapidly developing area. Infrasys have significant experience of security management and SOx implementation working with major US companies. Infrasys have developed tools and processes to undertake this work quickly and cost effectively.
	Reference Site Jaguar and Land Rover – Infrasys have developed and implemented various security tools, process and controls across the server environment. This includes controlling administration IDs and super user access, system file changes, change management and report generation. Infrasys have also undertaken a number of SOx audits on behalf of Jaguar and Land Rover.
	Contact Infrasys Sales Hotline - Tel: +44 (0) 121 506 9240, Email: info@infrasys.co.uk
	[<< Disaster Recovery Solutions]