As your call center expands capability with connectivity to the Internet, e-Commerce grows at
an astounding rate. Security becomes an important factor for any business that has a presence on
the World Wide Web. While the opportunities for Business-to-Consumer and Business-to-Business
applications open new markets, the threats to your business are all too real. Integration of the
World Wide Web with your Call Center presents even more business opportunities as well as greater
risks. Every day the newspapers have new accounts of credit card information theft or denial of
service attacks that can shut down an e-commerce web site. It is vitally important that you take
the necessary steps to secure your e-commerce web site and protect your business's information
assets.
Security Risk Assessment
The Security Risk Assessment begins with a review of your
company's business controls including policies, organization, personnel, change management, system
and network administration, and disaster recovery planning. On the technical side, we will collect
detailed information on the configuration of your network, servers, routers and firewalls. We will
collect information from selected documents, diagrams and interviews with the IT operations staff.
We also use sophisticated scanning tools to probe your network and servers to find vulnerabilities
that could compromise your company's security.
Deliverable: The final deliverable is the Security Assessment Report. This report will
provide an analysis of the company's business controls as well as the current state of the technical
controls that protect the network and associated computer systems. For every security vulnerability
identified, we provide specific recommendations on how to mitigate the problem and improve overall
security. The report will also provide an analysis of the network security architecture and of selected
network servers on a port-by-port basis, identifying the specific security risks to each server.
Security Policies and Procedures Development
Our security consultants will evaluate
your existing security policies and procedures and provide an unbiased assessment. If your current
policies and procedures are out of date, we can help you develop new policies and procedures that
address the risks of today's hostile Internet environment. We work with you to develop policies
and procedures that are based on the unique requirements of your organization. We have developed
client security policies and procedures in the areas of:
- Remote Access
- Internet Access
- Firewall Deployment
- Intrusion Detection and Monitoring
- Third Party Network Connections
- Security Incident Handling
- Backup and Recovery
- Business Continuity Planning
Our approach to developing security policies and procedures involves the client during every step
of the process. We look for input from your call center, business users and your IT operations
department to ensure that the policies meet the business needs of the organization and are also
enforceable.
Deliverable: We will provide a set of core Security Policies and Procedures for your
company. This document will provide the framework for all new security policies and procedures.
It will start by defining the process for creating policies and procedures. It will contain an
analysis of the information resources of your company and identify the potential business process
and technical risks. Finally, it will contain the core policies required for your business, such as
Internet Access, User Access, Firewall Deployment, Intrusion Detection, and Backup and Recovery. We
will also define procedures such as Security Incident Handling and Third Party Network Connection.
Attack and Penetration Testing
Our security consultants will test the security of your
network by attempting to break into it. Using the same tools used by malicious hackers around the
world, our consultants can scan your network for weaknesses, attempt to get through your firewalls,
and gain root or administrator access to your Internet-based servers. We work with your own security
team to create realistic attacks from the Internet, dial-up access, or internally. This service is
customized to meet the unique security requirements of your company.
Deliverable: We will deliver a detailed report that will identify the vulnerabilities
discovered during the attack as well as recommendations to improve security. We will provide details
on how the attack was staged, our results, and recommended countermeasures to correct your
vulnerabilities.
Fred Hellman's Biography