Information system security is a difficult problem and must
be tackled at all levels. That is, the application must be
secure from exploitation and the infrastructure on which applications
are hosted must also be secure.
Security by Design
Any system that needs to be secure needs to incorporate the security
measures into the system design. Stated differently, security is an aspect
of the system that needs to be considered during the conception of
the system rather than being added at a later point in time. Gethos works
with clients to help them understand their risk profile and then
weave the subsequent security requirements into the system being built.
Cryptographic expertise
To secure applications and information transmitted over
open networks, one often needs to employ cryptographic tools.
This can be as simple as using web servers that support SSL to encrypt
world wide web traffic. In other cases it may require using
trusted cryptographic routines as part of applications, or
even developing custom cryptographic solutions.
For all of these tasks it is important to know the concepts
involved in cryptography and to understand the implications
of various techniques.
For an introduction to the key concepts of cryptography,
Stewart Gebbie's Mathematics Masters Cryptography Report
is available to read.
Host and Network security
To secure the infrastructure, you must secure the individual
machines as well as services that can be accessed remotely
via a network. To do this, Gethos follows a number of
best practices and draws on knowledge of
common risks and exploits that are often used to break into systems.
In conjunction with this, security auditing tools are employed
to automatically find many common network security holes.