ABOUT WITS

		WORLD IT SOLUTIONS The beginning of each day is about possibilities. The end is always about results. Keep your WITS about you.

INFORMATION ASSURANCE

IA CAPABILITIES

Whether you need someone to design, engineer and implement your company infrastructure, maintain your network, train staff, explain differences in vendor offers to help you compare "apples with apples" or upgrade your entire network WITS is your cost effective partner.

We perform detailed IA Risk Assessment, Analysis, and Mitigation in accordance with GAO, NIAP, DITSCAP, TEMPEST and HIPAA .

World IT Solutions can deliver!

WITS is dedicated to the implementation of secure, innovative IT solutions using best of breed Telecommunications, Information Technology and Information Assurance industry products. Delivering superior support for every product to each customer is our only focus.

The WITS IT and IA Network Services Team will position the Client to profit because WITS continuously educates our staff using meticulous, cost-effective analysis of emerging technologies and their applications. The WITS IT and IA Network Team is visionary in its preparation and practical in its execution. WITS will help you invest your dollars wisely.

Your IA partner should be in a word, secure.

WITS holds a DOD Top Secret Facilities Security Clearance. With cleared staff up to and including Top Secret SCI and one of the largest percentage of TS cleared Register Communications Distribution Designer's (RCDD) in the industry we are ready to work with you to design, secure and manage your voice, video and data networks. WITS staff is certified in all major manufacturing leaders of the IA field, such as IBM, Check Point, Cisco, Nortel, Symantec, Novel, Sun and Microsoft.

There are three divisions to Information Assurance

	CONFIDENTIALITY
	INTEGRITY
	AVAILABILITY

All of Information Security controls and safeguards, and all of the threats, vulnerabilities, and security processes are subject to the C.I.A. yardstick.

The primary objective of security controls is to reduce the affects of security threats and vulnerabilities to a level that is tolerable by an organization. The main purpose of performing a Risk Analysis is to quantify the impact of these potential threats; to put a price or value on the cost of lost business functionality.

The two main results you will get from a WITS Risk Analysis- “the identification of risks” and “the cost/benefit justification of the countermeasures”- are vitally important to the creation of a Risk Mitigation strategy.

There are several benefits to our meticulous approach of performing a Risk Analysis. We help you create a clear cost-to-value ratio for security protections by:

	Identifying your assets
	Identifying the threats
	Establishing a clear value chart for each

By penetration testing and other methods, we identify vulnerabilities, which are the absence or weakness of a security safeguard deployed to protect against a threat.

Our Risk Analysis will also help influence the decision-making process dealing with hardware configuration and software systems design. In addition it also helps a company to focus its security resources where they are needed most. Furthermore, it can help influence planning and construction decisions, such as site selection and building design.

WITS Risk Analysis covers four basic elements:

	Quantitative Risk Analysis
	Qualitative Risk Analysis
	Asset Valuation Process
	Safeguard Selection

World IT Solutions has a broad knowledge of Common Criteria validated Products as listed on The National Information Assurance Partnership (NIAP) website NIAP WEBSITE and of ICSA approved ICSA WEBSITE technologies.

The National Institute of Standards and Testing (NIST) and National Security Agency (NSA) have recently announced a new collaborative effort to produce comprehensive security requirements and security specifications for key technologies that will be used to build more secure systems for our Federal Agencies. These security requirements and security specifications will be developed with significant industry involvement and employ the new international security standard known as the Common Criteria (ISO/IEC 15408). Protection profiles in key technology areas such as operating systems, firewalls, smart cards, biometrics devices, database systems, public key infrastructure components, network devices, virtual private networks, intrusion detection systems, and web browsers will be the primary focus of this high priority project. The National Information Assurance Partnership web site will be the primary distribution vehicle used to disseminate information on the status of all development efforts associated with this project.

Tool selection can be broken down into three broad categories:

Vulnerability Assessment

Two types: Active and Passive.

	Passive- Typically used to look for security policy violations such as weak system passwords, unwise deployment of system files and settings.
	Active- Usually employed after a passive check. This should be a network-based assessment that would deploy common intrusion scripts, recording system responses to the scripts. These cannot detect an attack in progress but are able to reliably predict if an attack is possible and in most instances if an attack has already occurred.

Firewalls

A barrier between the corporate (internal) networks and the outside world, and filter incoming traffic according to a security policy. There are numerous ways to classify a firewall. Based on the clients’ needs, security strategy and level of staff expertise we typically recommend a filtering firewall, stateful inspection firewall or a application gateway firewall.

Intrusion detection

The ability to detect an intrusion before or as it is happening and deploy a response in real time. They provide a greater degree of integrity as they can be used to monitor the operation of firewalls, encrypting routers, key management servers, and critical segments such as R&D or financial subnets.

Copyright 2007 World IT Solutions