Professional Services:

Navastream's business is Managed Security Services (MSS). We provide a managed security infrastructure, and leverage the potential, with a powerful combination of unmatched technology and proven expertise. To accomplish this, we provide an array of professional services that help our customers fully utilize the security service that we provide.

Without well defined, actionable Polices and Procedures, inconsistency and indecisiveness could create unnecessary risk-no matter how much emphasis is made on technology.

Navastream's value is our unique combination of people and technology. Our Security Analysts are highly trained and singularly qualified experts who understand the need to protect your business assets.

Securing Your Information Assets

The foundation of most American businesses is information. Your information assets are specific and unique to your business functions and business strategies. Generally speaking, these assets can be categorized as:

• Those assets where contractual and legislative compliance apply.
• Those assets susceptible to and needing virus prevention.
• Those assets needing intrusion detection and monitoring.
• Those assets critical to business recovery following security compromises.

A Comprehensive Security Policy

A comprehensive Security Policy investigates the requirements and priorities for information security and clearly demonstrates management's commitment to an enterprise security program.

Navastream will work with you to develop a comprehensive security policy that addresses the following areas:

• Organization
• Personnel
• Physical controls
• Asset classification and control
• Network and computer management
• Data encryption
• Business continuity
• Application development
• Regulatory Compliance

A truly comprehensive security policy includes the following:

• A definition of information security with a clear statement of management's intentions.
• An explanation of specific security requirements including:
• Compliance with legislative and contractual requirements.
• Security education, virus prevention and detection, intrusion avoidance and detection, and business continuity planning.
• A definition of general and specific roles and responsibilities for the various aspects of your information security program.
• An explanation of the requirement and process for reporting suspected security incidents.

Comprehensive security policies require clear, concise, well-defined, and documented security procedures to make them effective. Procedures should be developed based on your organization's predefined information security standards.

Example Procedures

The following are examples of important security procedures:

• Roles and responsibilities of security staff members
• Classification and protection of information media
• Employee awareness programs
• Incident reporting and response
• Enterprise-wide anti-virus measures
• User and password management

Structure of a Procedure

When defining each of the above procedures, you should include:

• Purpose
• Intended audience
• Owner
• Version number
• Approval date
• Revision history
• Revision process
• Process flow diagram
• Supplier responsibilities
• Customer responsibilities
• Tasks
• Quality controls

Navastream believes that it is critical to define and formally document procedures that will meet your business needs for efficiency, effectiveness and adaptability. We work closely with each new client before any services begin to review, assess, define and enhance these procedures.