Architectural Standard Creation
Architectural reviews of applications can bring sanity and order to roles and responsibilities in applications across your entire organization. Saltworks Security can help enterprises create architectural standards that ensure your data stays secure, including standards for:
Encryption can become weaker over time as new vulnerabilities are discovered, libraries become outdated, and algorithms fall behind new methods of attack. Saltworks Security can review your encryption libraries and settings to ensure your data stays protected.
Authentication ensures your users are who they say they are. Saltworks Security can evaluate all authentication processes, including verifying that users are properly validated prior to account creation, that they are only logged in for pre-determined lengths of time, and that the identity of users is properly established before any reset/recovery activity takes place.
Authorization establishes roles and responsibilities for authenticated users. Saltworks Security can evaluate all authorization processes, including proper separation of duties and access, and ensure the principle of ‘least privilege’ is in place (meaning valid users are only permitted access to those programs, information, and/or servers necessary for their specific functions or job assignment).
Logging with SIEM integration
Most security incidents still occur at the application layer, so proper logging of events is extremely important. However, sensitive data should be masked or excluded from those events while still relaying enough information to resolve problems. Saltworks Security can ensure your logging processes are secure, including creating standards for proper protection and access controls for log files, archiving and destruction procedures, and log reviews and alerts.