Good security is more to do with good management than good technology and at SYFA we believe that good management is only possible if you have all the information you need to make good decisions.

Threat Risk Assessments
Managing Security is a key element to managing risk and without first establishing your risk profile you are making decisions without any baseline knowledge. SYFA can conduct a detailed TRA identifying all your ICT assets, the threats that could be brought to bear against them and then review your current countermeasures and work practices to establish your current risk profile. More importantly, we will make recommendations on how any residual risks can be addressed.

SYFA uses the AS/NZS 4360 along with HB 436 and 231 as the methodology for all commercial engagements. In addition to these standards, SYFA also uses ACSI 33 for Federal Government engagements and we have an I-RAP Assessor on staff for DSD approved engagements.

Security Policy
A critical document in any organisation, your Security Policy is defined from your Threat Risk Assessment balanced with your organisation’s business objectives. SYFA can review or develop your existing policies and Security Management Framework to compliance with ISO/IEC 27001 and other specific industry best practices, such as Sarbannes Oxley, HIPAA, etc.

Physical Security
SYFA has a SCEC Endorsed Consultant on staff to provide advice and assistance on all aspects of physical security. Server Room security is a speciality, though any Intruder Resistant or Secure Area project is core skills for SYFA. The successful project management of the Type 1 Alarm is critical to your overall security position and only at SYFA can you get an holistic security approach for compliance to PSM and ACSI 33 requirements all in one place.

Network Security Review
SYFA offers a service around the detailed review of your current network and gateway security systems. SYFA will review the design and configuration of your firewalls, IDS/IDP systems, email security systems and any other proxy services in use. Each security system will be investigated to see whether your policies are implemented effectively. The Network Security Review includes a vulnerability assessment of the systems under review.

Vulnerability Assessment
Its one thing to have the best policies and the best technology money can buy - but how do you know it delivers on the promises they make.- that’s where a Vulnerability Assessment is a critical audit tool to provide assurance that your environment is up to the task. Using a mixture of manual and automated tools, SYFA will test your systems as well as manually examining your critical configuration files.

Retained Advice
You may not be able to afford a full time ICT Security Expert on staff, but you can rely on a SYFA Consultant to provide ongoing advice and onsite management/administration by retaining our services on a part-time basis. From regular Gateway administration to ad-hoc Incident Response and Forensic evidence gathering, SYFA can tailor a retained service to meet your needs.