Security Methodology

Ensure a Secure Environment

Business Strategy, Inc. uses a layered security design to account for the multiple threat categories that exist today. Below is a brief sample of some methodologies that Business Strategy, Inc. uses to ensure a secure environment.

Reconnaissance

  • A Demilitarized Zone (DMZ) Based Design. All databases and documents are stored on servers within Business Strategy, Inc.’s private network. The servers in the private network only accept connections from trusted sources within this DMZ. This design effectively masks the existence of the servers that represent the highest security risk to external users.
  • All ICMP traffic is blocked at the external firewalls.
  • Operating System Hardening. All operating system installations are hardened to prevent the publishing of information that would be useful to a malicious user. A combination of configuration settings, registry hacks, and IPsec policies result in a configuration that will not expose operating system versions, patch installation status, or user account information to port scanner and automated discovery tools.
  • Limited Internal Access. All support requests are routed to a single team of Business Strategy, Inc. employees. These employees are trained on Business Strategy, Inc.’s security policies to avoid the inappropriate sharing of information through social engineering attacks. Access to Business Strategy, Inc.’s data center is limited to authorized Business Strategy, Inc. employees.
  • Information Control. Business Strategy, Inc.’s literature does not contain information that is specific to established security protocols.

Network Prevention

  • Business Strategy, Inc. makes heavy use of encryption technologies like SSL, VPN, SSH, and PGP.
  • Best of Breed Environment. Business Strategy, Inc. employs a multi-vendor approach with the network devices that are used in our data center. This approach reduces the opportunity to exploit a vendor-specific vulnerability.
  • Denial of Service Hardening (DOS). All operating system and firewall installations are hardened to eliminate vulnerabilities that can be exploited to launch a denial of service attack.
  • Security Reviews. Business Strategy, Inc. staff regularly performs security reviews to ensure that no configuration errors exist.
  • Network Segmentation. The Business Strategy, Inc. network is heavily segmented. All data processing servers reside on their own network segment, resulting in multi-tier security layers for all client data. This effectively limits the exposure related to the use of packet-sniffing applications.

System Prevention

  • Patch Application. Business Strategy, Inc. has established a comprehensive process for patch installation. All applications, including operating systems, database server, and virus definitions, are routinely updated.
  • Limited Remote Access. All remote access connections are encrypted via either by SSL, VPN, Personal Certificates, or RSA.

Application Prevention

  • Complex Passwords. Business Strategy, Inc. uses robust password policies throughout the entire network. All passwords must meet specific length, complexity, rotation, and reuse policies.
  • Input Validation. The Business Strategy, Inc. server’s N-Tier design effectively prevents SQL injection attacks from occurring.
  • Web Server Hardening. A combination of security policies is used to produce a configuration that is resilient to a variety of known attack techniques. Access Control Lists (ACL’s) are also used to ensure that remote users are granted the lowest privilege level possible.

Data Prevention

  • Business Strategy, Inc. stores all client data in a hardened constructed data center.
  • Best of Breed Environment. Business Strategy, Inc. employs a multi-vendor approach with the storage devices that are used in our data center. This approach reduces the opportunity to exploit a vendor-specific vulnerability.
  • ILM/Compliance Strategy. As a best practice, Business Strategy, Inc. incorporates compliance (HIPAA, SOX) as service level requirements and has integrated them into the core ILM strategy. All client data is stored according to Business Strategy, Inc. defined Information Lifecycle Management (ILM) strategy. Included within, but not limited to, the ILM strategy are Storage Area Networks (SAN), Content-Addressable Storage (CAS), and WORM technologies.
  • Disaster Recovery. Business Strategy, Inc. follows a robust Disaster Recovery Plan with specific Recovery Time Objectives and Recovery Point Objectives.
  • Migration Planning. Business Strategy, Inc. adheres to an established data migration policy. On completion of an audit review, all client data is returned to the client. Or if requested by the client, all data is destroyed.

In this section

Business Strategy, Inc. uses a layered security design to account for the multiple threat categories that exist today.

Contact Us

We are ready when you are. We are excited to help you find increased proficiencies to your back office procedures.

phone 1.888.300.2151
Or, request information here >