Data Protection

Information security risk assessment is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems.
In its simplest form, a risk assessment consists of the identification and valuation of assets and an analysis of those assets in relation to potential threats and vulnerabilities, resulting in a ranking of risks to mitigate. The resulting information should be used to develop strategies to mitigate those risks.

B.A.R.E.S. Assessment
Bison Active Risk Exposure System Assessment. This state of the art system of exposing information security risks quickly and directly identifies key corporate assets and their current protection strengths. This unique assessment identifies the real world weakness and strengths of the clients protection systems on all levels of security posture (physical, logical, electronic, social, environmental and business process/structure).

The result of this assessment enables clients to find out their true level of defense against generic and sophisticated attacks. Bison mIcrosystems will then build a protection and remediation strategy to enable the business to operate in a more secure and efficient manner.

Sarbanes Oxley (SOX) Assessment:
This assessment will include policy review, architecture review and security practice
review. By taking this approach, a security control baseline will be compiled for the
customer environment. This will give the customer an understanding of the current state of security as well as an accurate roadmap to Sarbanes-Oxley IT security compliance. In addition to technical reviews and policy inspection, a comprehensive requirements matrix will be compiled. This matrix will show mapping to specific security requirements, as interpreted by the provider, of Sarbanes-Oxley sections 302, 404, and 802.

Gramm-Leach-Bliley (GLBA) Assessment:
The GLBA assessment process is designed to identify measure, manage, and control the risks to system and data availability, integrity, and confidentiality, and ensure accountability for system actions within financial institutions. This particular assessment will follow the guidelines as provided by GLBA and FFIEC to assess the current level of compliance to GLBA and relative security of the environment.

NSA IAM/IEM Assessment:
The IAM consists of a standard set of activities required to perform an INFOSEC
assessment. In other words, the methodology explains the depth and breadth of the assessment activities that must be performed to be acceptable within the IATRP. The IAM "sets the bar" for what needs to be done for an activity to be considered a complete
INFOSEC Assessment. Providers who advertise an INFOSEC assessment capability and consumers seeking assistance in performing INFOSEC Assessments should use the IAM as the baseline for their discussions. Because the IAM is a baseline, providers can expand upon it to further meet the needs of the customers.

Business Continuity / Disaster Recovery

The goal for this activity is to develop a tailored and flexible plan that is easy to use when recovery activities are activated. Specific objectives to achieve this goal include:

- Define the components of the plan
- Select team leaders, members and alternates based upon functional areas who
may be involved in the plan development and initial walk through of the plan
- Develop procedures that address and document the steps for responding to a
crisis event, recovering operational capability and resuming critical business
functions, and eventually restoring all functions to "business as usual"
- Ensure important decisions are made and documented in the plan
- Document relationships that will be relied upon if the company experiences a
disaster, including contact names and type of assistance they may provide
- Review completed plans with senior management to confirm approach and
assumptions
- Reassess work program and schedule and make necessary adjustments

Disaster Recovery Testing:
Test Facilitation and Training services provide organizations with an independent,
objective exercise and assist with brining stakeholders up to speed on what they need to know. Testing gives management confidence in the validity of their plans, and training provides for usability of plans in the hands of stakeholders who will execute them.

Other Solutions Include:

Total Protection:
A core component of Bison Microsystems Total Protection is the key word "reasonable". We do not merely spout "best practice" recommendations.

Network Protection:
Can your company afford to have its network breached? What is the financial impact if a hacker were to get in?