earthwave

Certifications

Earthwave understands that clients need to comply with certain configuration and security standards to ensure the appropriate preservation and assurance of confidentiality, integrity and availability of systems and their inherent data.

The following highlights earthwaveÕs accreditation as they relate to our security practices and certifications:

Staff Clearances

All of earthwaveÕs Secure Internet Gateway staff including Operations Manager, Service Delivery Manager, Security Manager, Security Analysts, Security Operators and Forensic Team have the HIGHLY PROTECTED clearance level from the Australian Government. This forms part of each employees condition of employment.

Endorsed Supplier Arrangement (ESA)

The Endorsed Supplier Arrangement (ESA) is a policy under regulation 9 of the Financial Management and Accountability Regulations providing pre-qualification (endorsement) for businesses (suppliers) who sell to the Australian Government. earthwave has been endorsed under the ESA. Endorsed Suppliers are included on the ESA multi-use list (ESA MUL), as they have been assessed as satisfying the conditions for participation.Ê The conditions for participation of the ESA MUL include financial viability, maintenance of adequate insurance coverage, commitment to adhere to agreed government policies and industry standards, favourable referee reports, and adherence to the ESA endorsement rules.

Security Operations Centres

Accreditation:
ISO/IEC 27001:2005
Accredited by:
SAI Global
Description:
The registration covers the Information Security Management System for the activities of the Security Operations Centre at North Ryde NSW. AS/NZS 7799.2:2003 is based on assuring integrity, availability, and confidentiality of information assets. Assurance is attained through controls that management creates and maintains within the organisation. These are categorised as follows:
  • A documented information security policy
  • Allocation of information security responsibilities within the organization
  • Information security education and training
  • Security incident reporting and response
  • Business continuity planning
  • Control of proprietary software copying
  • Virus detection and prevention controls
  • Critical record management processes
  • Protection of personal data (privacy)
  • Periodic compliance reviews
Accreditation:
ASIO-T4
Accredited by:
ASIO
Description:
ASIO is the certification authority, nominated in the Protective Security Manual, for the protective security of Top Secret facilities in Australia. Certification is required for all new facilities and those undergoing significant refurbishment. Re-certification is required at least every five years. The earthwave North Ryde SOC is T4 certified.
Accreditation:
Defence Signals Directorate (DSD) Certified Gateway up to Highly Protected Classification Level
Accredited by:
Defence Signals Directorate (DSD)
Description:
The Gateway Certification process is designed to assist Commonwealth agencies to minimise the risks incurred by connecting their systems to public networks such as the Internet. The certification review provides independent verification that appropriate risk management strategies have been employed in the gateway environment, and that identified countermeasures are in place and operating effectively.

Certification entails an independent reviewer validating that the gateway's safeguards are operating in compliance with an organisations security policy. This requires the certifier to examine the security objectives and risk assessment to verify the residual risk.

Gateway certifications are conducted in accordance with the Gateway Certification Guide. Agencies considering certification are advised to consult the guide.

(ISC)2 Certifications

Earthwave Managed Security Services analysts are held to the highest standards of security expertise and ethical conduct. They hold industry-leading certifications administered by the International Information Systems Security Certifications Consortium, Inc., or (ISC)2, including:

  • Certified Information Systems Security Professional (CISSP)
  • System Security Certified Practitioner (SSCP)

Both certifications indicate demonstrated experience in the field of information security, successful completion of a rigorous examination, adherence to a Code of Ethics and participation in continuing education programs.

GIAC Certifications

Earthwave Managed Security Services analysts hold individual certifications through the SANS-founded Global Information Assurance Certification (GIAC) program. Certifications held by earthwave security analysts include:

  • GIAC Security Essentials Certification (GSEC)
  • GIAC Certified Firewall Analyst (GCFW)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Windows Security Administrator (GCWN)
  • GIAC Certified UNIX Security Administrator (GCUX)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Information Security Fundamentals (GISF)
  • GIAC IT Security Audit Essentials (GSAE)
  • GIAC Certified ISO-17799 Specialist (G7799)
  • GIAC Security Leadership Certification (GSLC)
  • GIAC Certified Security Consultant (GCSC)

Vendor-Specific Certifications

Earthwave security analysts also hold certifications in a variety of vendor platforms, including:

  • Cisco
  • Check Point
  • McAfee
  • Juniper (Netscreen)
  • ISS
  • TippingPoint
  • Websense
  • Secure Computing
  • Nokia
  • Crossbeam
  • ArcSight
  • PatchLink
  • RSA