Security Services
Champion's security services help protect an organization's IT infrastructure from known and unknown threats. Reliable security is mandatory for a company's survival, but poorly implemented or complicated security measures can hinder growth and be costly.
Sarbanes-Oxley (SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long.
Security Offerings
Security Offerings for Regulation & Compliance
Financial Reporting and Disclosure: Executives are concerned about the data that they use to “report” publicly. The reasons are varied but include the company's value to current and possible shareholders, as well as the fact that executives can be held personally (financially) liable for misleading statements and reports.
Champion has partnered with IBM / Internet Security Systems to provide business analysts who assist publicly traded companies of all sizes in developing a COSO Framework for SOX Compliance. We have an 8-step process that can assist companies of all sizes to achieve and maintain SOX Compliance.
IT Controls, Monitoring and Reporting: No longer just paperwork. The SEC has added teeth: publicly traded entities need to demonstrate their ability to monitor and report on data flow, usage and validity.
Champion provides the following security offerings both as a solution set for internal management and as external 24x7 management through our partner IBM - Internet Security Systems:
- Firewall - A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks.
**Solution Offerings from IBM/ISS Proventia, Cisco and others
- Intrusion Prevention Systems - An IPS is a security management system for computers and networks. The IPS analyzes information from various areas within a computer or a network to identify possible security breaches. IPS systems also provide “Patch Management” abilities. Patch management or updates (applications, operating systems, etc.) can open security holes into your network. An IPS will understand the “patterns” associated with these types of breaches and stop the request before it touches your mission-critical systems. IT is often challenged to implement patches without the necessary testing to close a security hole. An IPS often closes this hole before the vulnerability is widely known.
**Champion provides solutions from ISS Proventia, Cisco and others
- Centralized Log Management & Reporting - IT staff are often bombarded by data from log files, including application, server, firewall, IPS and many more systems, and find it difficult to cull through the immense amounts of log data created on a daily basis. Through the use of a centralized reporting tool, companies can understand and provide documentation on user accesses and activities.
**Champion provides solutions from Tivoli, ISS and others
- Data Leakage Management - Data-leak protection goes by many names: data loss protection or prevention, anti-data leakage, insider-threat protection and outbound content management, just to name a few. The point of these products is to monitor, document, and often prevent sensitive information from leaving an organization without authorization.
**Champion provides solutions from Tivoli, ISS and others
- Application Security Testing - Many organizations develop Web-based, as well as other more traditional, applications in-house. In conjunction with IBM / ISS, Champion can provide you with a secure code review. Security is all too often the last thing an application development team considers, as this is typically not in their comfort zone. Through Champion’s partnerships we can provide application development teams with a centralized security methodology that can be applied to all their in-house projects, both past and future. Additionally, we can provide resources that, through both computer-generated and manual review, will check part or all of your code for errors or possible security issues that may arise now or in the future.
**Champion can provide these services through Tivoli and ISS
- Virus and WEB - Viruses, malware and other “bots” are all too often a serious problem at large organizations. Champion can provide centralized management of these types of events and provide solutions from multiple manufacturers.
**Champion provides solutions from ISS, Symantec and TrendMicro
The Payment Card Industry requires banks, online merchants and Member Service Providers (MSPs) to protect cardholder information by adhering to a set of security standards. The Payment Card Industry security standard (PCI) includes MasterCard's Site Data Protection (SDP) program and Visa's Cardholder Information Security Program (CISP).
- PCI Gap Analysis - Companies requiring PCI compliance range from small businesses doing $1000 a month or less in credit card transactions to the largest companies in the world doing millions per month or more. Champion provides services to enable your organization to understand what needs to be done to your systems to achieve PCI compliance before Visa or MasterCard puts your company under a timeline for meeting PCI requirements or facing fines or loss of the ability to accept credit cards. The analysis provides a “current state” and, more importantly, a path to follow for achieving and maintaining compliance.
- PCI Compliance Certification - This step is required and provides your organization with the appropriate documentation that is accepted by the Payment Card Industry. This certificate is provided by ISS after the completion of remediation of the issues discovered in the Gap Analysis, as well as the completion of an additional test of the entire environment. This service is provided through Champion by ISS, which is one of fewer than 10 companies certified to deliver a PCI compliance certificate.
- Penetration Testing - Express penetration testing services help mid-market organizations quickly assess the security posture of their networks by safely identifying network vulnerabilities before they are exploited. CSG security consultants use real-world exploitation scenarios to demonstrate how attackers can gain access to sensitive data or systems and significantly impact your business. This type of test is required once, unless your organization “fails” PCI compliance and is placed at a higher risk level by the PCI.
**Champion provides penetration testing services on an as-needed as well as a pre-scheduled quarterly basis to help you maintain PCI compliance.
Authentication, Authorization and Single Sign-On
Tivoli Identity and Access Manager
Tivoli Identity Manager provides a secure, automated and policy-based user management solution. Tivoli Access Manager is a hub for authentication and authorization for Web and other applications that centralizes security management across applications and operating systems and makes it easy and more cost effective to deploy secure applications.
- Enables flexible Single Sign On (SSO) to Applications and reduces help-desk calls
- Reduces administrative costs for managing accounts, groups, policies, credentials and access
- Accelerates new application roll outs and users via preconfigured policies and templates
- Read-only mode for auditors to assist in your compliance requirements
- Reports on and corrects noncompliant access rights through recertification workflows or automatically via role-based access control policies and provides granular, auditor-friendly details for compliance
- Single point of authentication enables advanced logon controls, including smart cards, certificates and multi-factor or step-up authentication
Encryption Key Management for Applications and Storage
Tivoli Key Lifecycle Manager
Tivoli Key Lifecycle Manager helps IT organizations better manage the encryption key lifecycle by enabling them to centralize and strengthen their internal encryption key management processes.
- Centralize and automate the encryption key management process
- Enhance data security while reducing the number of encryption keys to be managed
- Simplify key management with an intuitive user interface for configuration and management
- Help minimize the risk of loss or breach of sensitive information
- Help facilitate compliance management of regulatory standards such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA)
- Extend key management capabilities to both IBM and non-IBM products
- Leverage open standards to help enable flexibility and facilitate vendor interoperability
- Operating systems supported: AIX, Linux, Sun Solaris, Windows
Event Management, Correlation and Reporting
Tivoli Security Information and Event Manager (TSIEM)
TSIEM provides centralized log management, event correlation, a policy compliance dashboard and reporting engine.
- Facilitate compliance with centralized log management, dashboard and reporting capabilities
- Help protect intellectual property and privacy by auditing the behavior of all users – privileged and non-privileged
- Manage security operations effectively and efficiently with centralized security event correlation, prioritization, investigation and response
- Operating System, Mainframe, Database and application auditing
- Integration with IT Operations solutions for improved quality of service and problem resolution
- Operating systems supported: AIX, Domain/OS, Linux, SCO Unix, Sun Solaris