Earthwave understands that clients need to comply with certain configuration and security standards to ensure the appropriate preservation and assurance of confidentiality, integrity and availability of systems and their inherent data.
The following highlights earthwave's accreditation as they relate to our security practices and certifications:
All of earthwave's Managed Security Services staff including Operations Manager, Service Delivery Manager, SOC Manager, Security Analysts, Security Operators and Forensic Team have the HIGHLY PROTECTED clearance level from Australian Government. This forms part of each employees condition of employment.
- Payment Card Industry Data Security Standard (PCI DSS)
- Accredited by:
- Bridge Point Communications
- The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
- Cisco Managed Services Master Certification
- Accredited by:
- Cisco Systems
The Cisco Managed Services Master Certification is for partners who sell and deliver Cisco-based managed services through a premium network operations center (NOC) investment, and offer enhanced management and stewardship practices.
These partners have managed service ITIL Foundation processes, practices, and tools for supporting Cisco advanced technologies at all lifecycle phases: prepare, plan, design, implement, operate, and optimize. The Managed Services Master Certification is proof of a partner's sophisticated managed services practices and services, reflecting the best customer experiences.
As a Cisco Master Managed Services Certified Partner, earthwave has demonstrated the ability to deliver sophisticated solutions, met stringent requirements that reflect a depth of capabilities, and undergone an independent audit by an objective third-party auditor. earthwave was also required to offer at least two managed services using the resources and procedures necessary to deploy, manage and support Cisco solutions.
- ISO/IEC 27001:2005
- Accredited by:
- SAI Global
- The registration covers the Information Security Management System for the activities of the Security Operations Centre at North Ryde NSW. AS/NZS 7799.2:2003 is based on assuring integrity, availability, and confidentiality of information assets. Assurance is attained through controls that management creates and maintains within the organisation. These are categorised as follows:
- A documented information security policy
- Allocation of information security responsibilities within the organization
- Information security education and training
- Security incident reporting and response
- Business continuity planning
- Control of proprietary software copying
- Virus detection and prevention controls
- Critical record management processes
- Protection of personal data (privacy)
- Periodic compliance reviews
- Accredited by:
- ASIO is the certification authority, nominated in the Protective Security Manual, for the protective security of Top Secret facilities in Australia. Certification is required for all new facilities and those undergoing significant refurbishment. Re-certification is required at least every five years. The earthwave North Ryde SOC is T4 certified.
- Defence Signals Directorate (DSD) Certified Gateway up to Highly Protected Classification Level
- Accredited by:
- Defence Signals Directorate (DSD)
- The Gateway Certification process is designed to assist Commonwealth agencies to minimise the risks incurred by connecting their systems to public networks such as the Internet. The certification review provides independent verification that appropriate risk management strategies have been employed in the gateway environment, and that identified countermeasures are in place and operating effectively.
- Certified Information Systems Security Professional (CISSP)
- System Security Certified Practitioner (SSCP)
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Systems and Network Auditor (GSNA)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Information Security Fundamentals (GISF)
- GIAC IT Security Audit Essentials (GSAE)
- GIAC Certified ISO-17799 Specialist (G7799)
- GIAC Security Leadership Certification (GSLC)
- GIAC Certified Security Consultant (GCSC)
- Check Point
- Juniper (Netscreen)
- IBM ISS
- Secure Computing
- HP ArcSight
- Lumension PatchLink
Cisco Managed Services Master Certification
earthwave also was certified to offer "white label" network operation services to Cisco partners, reflecting the ability to support partner-to-partner collaboration in the deployment of Cisco based managed services.
Security Operations Centres
Certification entails an independent reviewer validating that the gateway's safeguards are operating in compliance with an organisations security policy. This requires the certifier to examine the security objectives and risk assessment to verify the residual risk.
Gateway certifications are conducted in accordance with the Gateway Certification Guide. Agencies considering certification are advised to consult the guide.
Earthwave Managed Security Services analysts are held to the highest standards of security expertise and ethical conduct. They hold industry-leading certifications administered by the International Information Systems Security Certifications Consortium, Inc., or (ISC)2, including:
Both certifications indicate demonstrated experience in the field of information security, successful completion of a rigorous examination, adherence to a Code of Ethics and participation in continuing education programs.
Earthwave Managed Security Services analysts hold individual certifications through the SANS-founded Global Information Assurance Certification (GIAC) program. Certifications held by earthwave security analysts include:
Earthwave security analysts also hold certifications in a variety of vendor platforms, including: