IT Security Services Consultation

House of IT offers a diverse range of IT security products and services which are implemented by our experienced and qualified IT security consultants. Each member of our security team has a minimum of five years’ experience in the IT security realm with leading industry standard and vendor certifications.

After being in the IT industry for fifteen years, House of IT has gained a wealth of experience and expertise from industry leading vendors and technologies. That’s why we’ve partnered with the best in the business and attracted the most highly sought-after consultants and engineers the industry has to offer.

From this wealth of experience, House of IT understands what is required to protect your business and its data. Our extensive range of products and partnerships with leading vendors is proof of our commitment to providing the skills and expertise needed to implement and support the best IT security solutions.

The following are just some of the areas we deal in and the services we offer to protect our clients from the threats and vulnerabilities which could harm them, their business or their customers:

Information Security Governance, Risk Management & Cyber Law

Security and risk management
Security governance
Security policies, standards, ethics, baselines and guidelines
Non-disclosure agreements (NDA)
Risk/Threat assessment and analysis
IT security compliance and regulatory reviews
Due diligence and due care best practices
Non-repudiation techniques
Penetration testing and vulnerability assessment
Information and asset classification
Ownership (e.g. data owners, system owners)
Auditing
Investigations
Liability
Compliance
Retention parameters
Data security controls and handling requirements (e.g. markings, labels, storage)
Intellectual property / cyber law advice and consultation
Privacy (The Privacy Act – principles, reporting, regulations and health records)

Physical Security

Physical access security
Biometric systems
Identification and swipe cards
Two-factor authentication
CCTV systems
Zeroisation and degaussing sensitive data
HVAC systems and monitoring
Identification and authentication of people and devices
Perimeter security and assessment
Identity and access provisioning lifecycle
Logging and recording of personnel

Network Security & Access Control (including Private, Public & Hybrid Clouds)

Firewall configuration
Rules and access control lists (ACL)
Security permissions and ownership
Port blocking
Subnetting, layering and zoning segregation
Demilitarized zones (DMZ)
Network address translation (NAT)
Spoof prevention
DoS and DDoS prevention
VPN management (IPSec, SSL, L2TP, PPTP)
Intrusion prevention and intrusion detection systems
Web and application filtering
SQL injection, cross-site scripting (XSS), URL parameter tampering, session hijacking and buffer overflow prevention
QoS implementation
Network anti-virus and anti-spam (filtering at the gateway)
RBAC, MAC and DAC access control methods

Cryptography

Data, backup and e-mail encryption
Public-key infrastructure (PKI)
HTTPS/SSL/TLS implementations
Digital signatures and certificates
Gate Keeper Type 3 certificates (Australian Customs)
Secure communication channels

Business Continuity and Disaster Recovery Planning

Disaster recovery processes and plans
Business continuity planning
BCP policy
BIA (Business Impact Analysis)
Preventative measures
Recovery and restoration strategy
Testing and revision plans
Logging and monitoring activities
Provisioning and protection of resources
Incident management
Patch and vulnerability management
Change management processes
File and data recovery