What Does ETI Do?
ETI provides Information Security Services that are tailored to
fit each individual customers need. If your company requires
Penetration Testing or Threat Analysis, ETI will provide you
with these and other Testing Services.
ETI's Assurance Services will
provide guidance for GLBA Compliance and Risk Assessment, and
Mitigation and Monitoring. Our
Management Consulting Services will provide you with
Enterprise Risk Management and Sarbanes-Oxley Support. Has your
CIO decided it is time to upgrade your IT Infrastructure? ETI's
Engineering Services will provide
you with IT Infrastructure Design Review, Security Architecture
Design Review, Certification & Accreditation, and more.
What is Information Security?
Information is an asset and provides value to the
business owner and therefore should receive effective economical
protection from threats.
“Information security protects information from a wide range of
threats in order to ensure business continuity, minimize
business damage and maximize return on investments and business
opportunities.” - ISO 17799.
It is important to recognize that information
comes in many forms such as the spoken word, paper documents, or
on a computer display screen from an information system
interconnected to the Internet. Information security addresses
all these informational forms. Typically, information security
is conceptually framed to encompass information systems and
supporting infrastructures leaving out other forms like the
This makes for a series of unaddressed
vulnerabilities. For instance, wireless devices like cell phones
with cameras can be used to take pictures of private paper
documents and then the pictures can be transmitted anywhere in
the world or added to a web site for common viewing by anyone
having Internet access. Another vulnerability associated with
cell phones is that they use public cellular broadcast networks
and thus private conversations containing privileged information
can easily be captured by unauthorized third parties. In a
non-technological application, the spoken word may be heard out
of someone’s doorway and down the hall possibly to a customer
waiting area to an attentive but unauthorized listener. When
Information Security is defined broadly it incorporates all
these informational forms, their resulting risks, and
corresponding protection requirements. Correctly, to get an
adequate level of Information Security, people, operations, and
technology must be integrated into an overall program.
What is the objective of Information
“The objective of information security is protecting the
interests of those relying on information, and the systems and
communications that deliver the information, from harm resulting
from failures of availability, confidentiality, and integrity.”
Information Security Governance, 2001, ISACF IT Governance