Abstract: . . .  electronic commerce, intrusion detection, firewalls, VPNs, and NT/Windows 2000 security at Usenix, SANs, Net- world-Interop, CSI, and InternetWorld are among the most popular and highest rated because our consultants bring years of practical experience to bear. In addition, our consultants have been technical advisors and on-air guests for CNN, Dateline NBC, WatchIT, and CBS News Radio and we wrote the authoritative reference work on Windows® 2000, the Windows® 2000 Secu- rity Handbook (Osborne McGraw-Hill). We provide consulting services on both a fixed-price and time-and-materials basis. We are flexible and we can structure . . .
. . .  looking to create an ongoing revenue stream from the certification process in the same way it has from its ISO 9000 activities. That makes for nice bonuses for the individuals who run ISO but drives up the cost of certification and restricts the pool of firms available to perform such certification. Agreement to pay fees to ISO becomes the litmus test for potential certifiers, rather than technical qualifications. Most organizations will gain substan- tially all of the benefits from the proc- ess of assessing their compliance and making changes to address any defi- ciencies. Except in unusual circum- stances, the added cost . . .
. . .  both a fixed-price and time-and-materials basis. We are flexible and we can structure any proj- ect so that it is just right for you. You will appreciate the difference of working with genuine experts who are committed to earn- ing a long term partnership with you by over-delivering and providing unmatched personal attention. Our consultants provide a wide range of services. Below is a sampling of areas in which we advise our clients. Security Consulting Our experts conduct network and host security analyses and a wide variety of penetration tests. In addition, using our signature work- shop-style methodology, our consultants . . .
. . .  of assessing whether an IT infrastructure complies with the standard and the act of for- merly certifying compliance. Only ISO approved companies can certify compliance. While ISO makes a separation of duties argument to justify this restriction, that argument is specious and self-serving. What actu- ally drives this distinction is that ISO is looking to create an ongoing revenue stream from the certification process in the same way it has from its ISO 9000 activities. That makes for nice bonuses for the individuals who run ISO but drives up the cost of certification and restricts the pool of firms available to perform such . . .
--2511,4,314,2801,12554