Vanaloy Home Page About Vanaloy Consulting Products Services Market Contact Vanaloy

<IMG SRC="nonflash.gif" width=755 height=146 BORDER=0>


Financial Products




 Security Consulting


The security of information is a critical issue for business. Services offered by Logica Security Consulting focus on giving confidence that the real value of business information and the business processes underpinned by information technology is protected.


Audit, Security, Risks, BS7799, ITSEC, Firewall, Smart Cards, Risk Assessment, Risk Analysis, Risk Management


To achieve confidence that information technology meets this objective we offer:

  • Risk analysis

  • Security policy and strategy consultancy

  • Implementation of security alongside project teams

  • Independent security assessments and evaluation

  • Health checks

  • Training.

Vanaloy Security Consulting was established as Vanaloy Security Practice. Vanaloy Security Consulting works with market sector experts from within Vanaloy to ensure business expertise and security experience are combined.

To get confidence in IT security it is essential to manage the four dimensions effectively:

  • Organizational Security
    (aspects under the direct control of the organization)

  • Product Security
    (components of security provided by independent suppliers)

  • Infrastructure and Service Provider Security
    (components provided by external organizations)

  • Business Trading Security
    (security of processes between organizations and with customers)

Vanaloy can provide consultancy and assessment for each of these dimensions, using appropriate tools and standards including ITSEC, Common Criteria, and BS7799. 

Vanaloy Security Consulting and CLEF (Security Evaluation Facility):

  • leverages the in-depth knowledge and experience of Vanaloy to help you resolve security issues; builds, evaluates, and maintains high security networks and systems

  • is licensed by the Government to perform ITSEC evaluations, and is influential in the evolution of future standards and criteria for security evaluation

  • has a accreditation for performing security assessments to ITSEC levels E1 to E6 which ensures our independence and consistency of results

  • provides experienced staff with appropriate background checks

  • protects your confidential information by using government approved methods for handling and storage of information as required.

  • Information security policy development

  • Targeted evaluations and penetration testing

  • Common criteria evaluation

  • ITSEC evaluation

  • Pre-evaluation consultancy

  • certificate maintenance scheme

  • Network security consultancy

  • Training in security evaluation

As well as ITSEC evaluation of products and systems (for which we have a worldwide reputation for excellence) we are involved in a wide variety of related security work. For example:

  • ITSEC evaluation - firewall. Vanaloy performed the ITSEC E3 evaluation of the Cyberguard firewall, moving Cyberguard Corporation ahead of their competitors.

  • Security audit - finance. Vanaloy performed assessed a smartcard based high-value cash transfer system for a major overseas Bank. The emphasis of the study was on production of a 'Security Target' (defining the security baseline), followed by "hands on" testing of the system which included the implementing test programs to simulate attacks on the system.

  • Security audit - government. Vanaloy undertook a review of computer security, followed by penetration testing on a network of UNIX machines at the headquarters of this organisation. Testing included use of the SATAN network analysis tool.

  • Security review - telecommunications. Vanaloy performed an independent assessment of risk and technical countermeasures for a proposed smart-card prepayment system.

  • Security audit - manufacturing. Vanaloy performed an audit of a fully automated manufacturing and distribution facility. The audit covered the full range of IT facilities such as VAX VMS operating systems, applications (including accounting and manufacturing software), external links, and disaster recovery plans. It was targeted at a detailed technical level and resulted in significant improvements being identified.



Home | About Us | Consulting | Products | Services | Market | Contact Us

Copyright @2007. All Rights Reserved. Vanaloy.