Net Reaction - Information Security Planning and Response

Net Reaction has worked with hundreds of organizations in building information security programs. From some of the largest corporations in the world to organizations with just one or two people, we have been fortunate to have seen information security initiatives of all types and implementations. We have seen what works well, and what doesn't work so well. When we make a recommendation, it is because we have seen that action work. Information security does not have to be terribly complex. But, you do have to put careful thought into what you are doing and remain vigilant. Criminals evolve. You have to evolve as well.

Our solutions are built on three principles. First, we want to assess where you are. Every organization is different, and each has different skills and needs. By understanding where you are today, we can better help you focus your efforts. We use some simple questionnaires to assess where you are starting from. The questions are pretty simple, and it is an easy way for us to see where we need to start with you.

Second, we want to educate you, the user. While we are not trying to make anyone an expert, we have found that people operate most effectively when they understand what they are doing, and why they are doing it. We accomplish this by separating the guidance from the tasks. You may never put your hands on a wireless access point to lock it down. That's fine, and your IT person would likely prefer you leave it alone. But, you should have at least a rudimentary understanding of what is entailed in locking one down and why it needs to be done. This helps management make informed decisions and keeps them from feeling like they are being held hostage by other groups in their organizations. We include the guidance pieces to educate and include task lists, checklists and other resources to help the people assigned to those tasks to get them done.

Third, we believe that whenever we recommend that you do something, to the extent possible, we should provide you with an example that you can use as a starting point. Most people have never written an information security policy or an incident response plan. We have, hundreds of times in fact. Where possible, we will include policy templates, checklists and sample documents that you can use to help you get started.

We continue to learn from our users' experiences. We value your feedback and comments, critical ones included. If we can help you at all, or you feel that we can do something better, you are doing everyone a favor by letting us know.