Increased interconnectivity over the worldwide web increases vulnerability.
Securing our cyberspace, I.T. infrastructure, operating systems, applications and equipment ensures overall protection for Brown & Joseph and our clients.
- Security management process to prevent, detect, contain and remedy security violations
- Designated security officer develops and administers the data security policy
- Information security awareness and training is conducted for all appropriate employees
- Security incident procedures for handling breaches of data security
- Business continuity plans
- Business plans are tested and evaluated on a periodic basis
- Access Controls – security software that denies or permits electronic application or data access such as security desk, monitored entrances, door locks/card reader access only, visitor credentials
- Protective Devices – Surveillance cameras, fire detection system, afterhours motion alerts
- Flood Management – Water sensor contained in data center
- Event Monitoring – Access, admin activities, use of privileged accounts, changes to controls, suspicious patterns of activity, attempts to access sensitive files, rejected attempts at accessing resources, etc.
- Data integrity managed through security access and controls and with critical business data backed up daily (onsite and maintained offsite)
- Secured network and workstation with individual sign-ons
- Technical architecture controlled by network and firewalls
- Penetration Testing (pentesting) is the process of testing our applications for vulnerabilities.
The purpose of a penetration test is to identify any key weaknesses in our systems and applications and to determine how to best allocate resources to improve the security of our organization as a whole.
In addition to pentesting being regularly performed by our Chief Technology Officer, further pentesting involves a team of skilled hackers. We purposefully ensure that the hackers do not have access to any source code and ask them to try to gain access to our systems.
Penetration tests are carried out on IP address ranges, individual applications or our company name. All of our I.T. security and safeguard certifications are readily available to qualified inquiries.