1. Assessing and Remediating Business IT Security Risks
 Find the vulnerabilities before the hackers.
 Start finding your true risks with Security Assessments
 Don’t ignore it….fix it before it is exploited to your disadvantage
 A firewall is no longer enough!
 There are 2 types of businesses left in the US, those who have been
hacked, and those who don’t know it.
The adage of “if you don’t find it first, you lose” applies to Information Technology (IT)
security and compliance as much as it does in treasure hunting. Hackers have become very
sophisticated, and are out there trying to steal information from you 24x7. If you don’t find
the weak spots in your perimeter, the bad guys will, and the treasure you’ve accumulated,
whether its trade secrets, customer information, credit card data, consumer data,
healthcare data, business processes, or hard-earned profits will be lost, and may result in
business-killing lawsuits.
Secure IT environments rely heavily on a risk based security lifecycle, which starts with
broad security assessments, vulnerability testing, then remediation, implementation,
documentation, and further testing. The lifecycle then continues.
Internal IT staff often lack the time and/or lack the expertise to continuously monitor the
new ways the bad guys are looking to exploit weaknesses and to gain access to your
corporate systems. Traditional IT defenses such as patching, anti-virus, and a firewall are
no longer enough. Equilibrium’s IT professionals can work with your team to identify weak
points in your security, design and implement solutions, and test their effectiveness.

2. COPYRIGHT AND CONFIDENTIALITY NOTICES
© 2014 Equilibrium IT Solutions, Inc.
No part of this publication may be reproduced in whole or in part by any means (including photocopying or storage
in an information storage/retrieval system) or transmitted in any form or by any means without prior written
permission from Equilibrium.
Equilibrium Information Technology Security & Audit
Methodology
The top questions to answer are: (1) Where are my weaknesses? (2) How do I correct and
turn my weaknesses into strengths? and (3) When do I need to review and update my
security processes and procedures. The crystal ball can become clearer by understanding
the complexity of information systems, increased risks, and the need for
compliance of information systems and their relationship to enterprise success.
 Organization of Information Security
Information security organization, information security program compliance
 Security Policies, Standards and Procedures
Security policy and procedures, 3rd
party providers and subcontractors
 Compliance and Risk Management
Compliance with financial, regulatory, government and industry regulations,
risk assessment of external and internal vulnerabilities
 Human Resources Security
Human resources security, screening, information security awareness,
termination policies and procedures
 Operations Management
Operating systems management, asset management, change management,
anti-virus, backups, waste and media disposal
 Facilities and Physical Management
Facility management, facility access controls
 Security Incident and Threat Management
Incident response, monitoring and detection, patching
 Network Architecture
Network controls, data network configuration, firewalls, wireless networking,
mobile device security, BYOD
 System Security
Access control administration, user accounts, password management,
reconciliation of accounts, remote access, encryption and key management
 Application and Database Maintenance
Application development, application security architecture, deployment
processes and policies, application controls, code reviews, production system
access
 Disaster Recovery and Business Continuity Planning
Business continuity and disaster recovery contracts, locations, planning and
testing, documentation
About Us
Equilibrium specializes in providing businesses and organizations with professional IT
services. Our team of consultants, architects, technical project managers, and systems
engineers provide end-to-end integrated solutions. A major differentiator about us is that
Equilibrium’s consulting approach is truly vendor neutral. Our objectivity is a critical
component to our ethical operations and the level of trust we earn from our clients. We
function as an advocate for our clients helping them implement technology solutions that
satisfy their complex business requirements.