What Does ETI Do?
ETI provides Information Security Services that are tailored to
fit each individual customer's needs. If your company requires
Penetration Testing or Threat Analysis, ETI will provide you
with these and other Testing Services.
ETI's Assurance Services will
provide guidance for GLBA Compliance and Risk Assessment, and
Mitigation and Monitoring. Our
Management Consulting Services will provide you with
Enterprise Risk Management and Sarbanes-Oxley Support. Has your
CIO decided it is time to upgrade your IT Infrastructure? ETI's
Engineering Services will provide
you with IT Infrastructure Design Review, Security Architecture
Design Review, Certification & Accreditation, and more.
What is Information Security?
Information is an asset that provides value to the
business owner and therefore should receive effective, economical
protection from threats.
“Information security protects information from a wide range of
threats in order to ensure business continuity, minimize
business damage and maximize return on investments and business
opportunities.” - ISO 17799.
It is important to recognize that information
comes in many forms such as the spoken word, paper documents, or
on a computer display screen from an information system
interconnected to the Internet. Information security addresses
all these informational forms. Typically, information security
is conceptually framed to encompass information systems and
supporting infrastructures leaving out other forms like the
spoken word. This makes for a series of unaddressed
vulnerabilities. For instance, wireless devices like cell phones
with cameras can be used to take pictures of private paper
documents and then the pictures can be transmitted anywhere in
the world or added to a web site for common viewing by anyone
having Internet access. Another vulnerability associated with
cell phones is that they use public cellular broadcast networks
and thus private conversations containing privileged information
can easily be captured by unauthorized third parties. In a
non-technological application, the spoken word may be heard out
of someone’s doorway and down the hall possibly to a customer
waiting area to an attentive but unauthorized listener. When
Information Security is defined broadly it incorporates all
these informational forms, their resulting risks, and
corresponding protection requirements. To achieve an
adequate level of Information Security, people, operations, and
technology must be integrated into an overall program.
What is the objective of Information Security?
“The objective of information security is protecting the
interests of those relying on information, and the systems and
communications that deliver the information, from harm resulting
from failures of availability, confidentiality, and integrity.”
Information Security Governance, 2001, ISACF IT Governance
Institute.