MASP Standing Offer
Ottawa, June 2007
Elytra is pleased to announce that it has been awarded the Mission Applications Systems, Projects and Processes (MASP) Standing Offer by CSE. We qualified in the Project Management, Business Analyst, IT Security Analyst, and Information Protection Strategist categories.
Randy Sutton presents
"Planning and Managing Information Security".
See the PowerPoint presentation now:
Planning and Managing IS - April 04 2006
Randy Sutton presents
"Auditing Wireless Networks - Issues and Guidelines".
See the PowerPoint presentation now:
Auditing Wireless Networks - November 1 2005
Ottawa, Ontario
June 19, 2006
Stonewood invites you to Infosec Canada 2006
Stonewood invites you to Infosec Canada 2006, the principal Information Security event of the year. Elytra represents Stonewood in the Canadian Marketplace. The Flagstone encrypted drive is now approved for securing classified information.
Ottawa, Canada
November 15th, 2004
Elytra Launches Solutions Based Security on Website
With five years of security consulting experience, and in response to client demand, Elytra Enterprises has decided to expand its security offerings by delivering solutions-based security to its list of select clients. Accordingly, Elytra will adopt best-of-breed approaches to meeting its customers' security requirements, providing a rational alignment of products with services. What this means for the customer is that Elytra will assist in making security decisions by recommending tools and appliances optimized to support a particular corporate security strategy. This puts the responsibility and empowerment for security exactly where it belongs, with corporate management, and eliminates the typical pattern of buying boxes and then trying to understand their fit. Elytra will only recommend products after reviewing an organization's security policy
Ottawa, Canada
August 11, 2004
Market Leading Encrypted HDD, FlagStone™ introduces new levels of Information Security for Canadians
With the theft of over a million dollars worth of Canadian Government computers last year (as revealed by the Globe and Mail, Oct 19), Government data is potentially at risk of exposure. Now Ottawa-based Elytra Enterprises has partnered with Stonewood Electronics, market leader from the UK, to provide their FlagStone Encrypted Hard Disk Drives, which would secure such data. Recently submitted for FIPS 140-2 certification, FlagStone is a fully encrypted hard disk that is simple to use yet more secure and without the inefficiencies of a software encryption solution.
In response to an increasing concern for better laptop security solutions, Elytra Enterprises presented the FlagStone™ encrypted hard disk drive (HDD), designed and produced by their UK partner, Stonewood Electronics, at the recent GTEC (Government Technology) Show.
Ottawa, Ontario
CISM Certification Awards
Elytra is extremely pleased to announce the conferring of the Certified Information Security Manager (CISM) designation on four of its senior staff. Congratulations to Jean Seguin, Doug Bigelow, Randy Sutton, and Jack Farncombe!!!
As stated by the Information Systems Audit and Control Association (ISACA), “the CISM is ISACA's next generation credential and is specifically geared toward experienced information security managers and those who have information security management responsibilities. CISM is designed to provide executive management with assurance that those earning the designation have the required knowledge and ability to provide effective security management and consulting. It is business-oriented and focuses on information risk management while addressing management, design and technical security issues at a conceptual level.”
Elytra is a long-time member and supporter of ISACA. The complementing of the CISM with our extensive CISSP credentials makes Elytra one of the most experienced IT security companies in the Canadian marketplace.
June 7, 2004
Ottawa, Ontario
New Largest Prime number Found - Over 7 Million Digits
- Elytra's Jeff Gilchrist verifies Record
IT Business.ca
High-performance network spends 11 days checking for accuracy
By Fawzia Sheikh
Jeff Gilchrist, an IT security specialist at Elytra Enterprises Inc. in Ottawa, was one of the people who verified Findley's discovery using systems at SHARCNet, a high-performance computing network connecting 11 academic institutions in south-central Ontario. (All prime numbers need to be verified to become official.)
"Since the number is so large, over seven million digits, you have to use special software to do the actual verification," Gilchrist said, adding he used an open-source program. He explained there was a chance Findley's computer had an error while it was running, giving him a false positive.
Although it took Findley two weeks to receive a positive result while testing 2 to the 24,036,583rd power minus 1, Gilchrist explained he needed 10 or 11 days to test his number using four processors at SHARCNet.
Ottawa, Ontario
Elytra Security Consultant Taking Part in NFSNET Project
Jeff Gilchrist, IT Security Specialist at Elytra Enterprises, has joined NFSNET, a state-of-the-art distributed computing project, which factors large numbers using the Number Field Sieve (NFS) algorithm. The NFSNET project could break new ground in the IT security world. The effectiveness of RSA cryptography relies on the difficulty of factoring large numbers. Therefore, as factoring capabilities are improved, RSA key sizes will need to be progressively larger in order to ensure security. In past factoring projects, part of the NFS algorithm was restricted to running on powerful computing devices (such as Cray super-computers) due to the massive calculations required. The NFSNET project, however, uses a cluster of regular PCs connected via Gigabit Ethernet to perform this phase of the algorithm. Mr. Gilchrist, whose expertise lies in cryptography, data compression, and distributed computing, has participated in large number factoring projects previously. In 1999, he was part of a team that used NFS to perform the first RSA 512-bit factorization.
At the time, 512-bit RSA keys were commonly used on the Internet to protect e-commerce & web sites. The success of this project advocated upgrading to 1024-bit keys or higher, which are much more secure.
Ottawa, Ontario
The Elytra Learning Centre is Now Open!
Ottawa-based IT Security Consulting company Elytra Enterprises Inc. has now opened the Elytra Learning Centre, providing current and practical training on all areas of IT Security. With in-field consultants leading each course, students can benefit from their expertise and broad hands-on experience. The Elytra Learning Centre is offering three streams of courses - Risk Management, Network Security, and a special breakfast seminar series developed specifically for Canadian Government Executives. Companies who choose the Elytra Learning Centre for their staff's training requirements will experience benefits such as customized course content, flexible dates and locations, and practical training from Elytra's top consultants, who have years of hands-on experience. For more information, contact us.
May 2003
Ottawa, Ontario
Elytra Launches Secure Messaging Product at CITSS 2003!
Elytra Enterprises Inc., an Ottawa-based IT security consulting firm, is launching SMEP, its first security software product, at the Canadian IT Security Symposium in May 2003. SMEP (Secure Messaging Environment Platform) is an instant messaging product that uses SSL to secure the contents of communications sent and received. Instant messaging systems are rapidly working their way into corporations because of their efficiency and convenience. However, most instant messaging products were intended for consumer chatting rather than secure corporate communications, sometimes leading to new and often hidden vulnerabilities. SMEP addresses these concerns by providing a means of real-time communications in a private and secure environment. Come see a live demonstration of Elytra’s SMEP at Booths 42-43 at CITSS 2003, on May 14-15, 2003.
Ottawa, Ontario
CIO Article - Elytra on the Value of CISSP Certification
The following article has been reproduced courtesy of the author and CIO Governments Review
Certified security
Who should be trained, in what and why?
By Richard Bray
Simply buying firewalls, intrusion detection systems and anti-virus software to prevent IT disasters is like sending money to a university and expecting a PhD by return post. It's not that easy. Without trained people, the investment in IT security may be worse than useless if it leads the enterprise into false confidence.
Kevin Henry is an instructor with the IT security certification agency (ISC)2. As he noted, "Having the right people responsible for security is not unlike any other key management or operational role in that it is always a serious and often thought-provoking decision."
Security certifications, like (ISC)2's CISSP designation (Certified Information Systems Security Professional), are designed to give managers confidence that the people they hire will make the most of the security hardware and software they oversee. But the letters after the names can mean many different things, and there are lots of letters.
Rick Bellwood, senior departmental emergency response officer with Natural Resources Canada in Ottawa said, "When I think of certification, there are two sides — technical and management." Vendor-specific certifications, like those offered by Cisco or Microsoft are technical in nature, Bellwood said, but may be restricted to the range of one product, "which is great if you want to be a firewall guru." The risk is that a security practitioner might have a blind spot in other areas covered in what's called the Common Body of Knowledge.
On the management side, he continued, "The CISSP has often been described as a certification that is a mile wide and a foot deep, because it covers a vast area and you do not go into the nuts and bolts the way a technical certification would, but you definitely touch base with each one of those 10 areas in the Common Body of Knowledge."
Randy Sutton, president of Elytra Enterprises, an Ottawa-based IT security company said, "In the federal government, the de facto certification, the one that comes out on the RFP (request for proposals), is the CISSP. That's what clients ask for." Sutton said that despite the belief that the CISSP is a technical type of certification, "It is really a management and general security knowledge certification. It means you know something about security but you can't assume that someone with a CISSP knows intrusion detection or firewalls in practice. Probably about 80 per cent of those CISSPs have never actually had their hands on any equipment."
So somebody hiring a CISSP should be aware they may need other people with more specialized certifications? "Absolutely," Sutton said. "The CISSP is just a certification that gets someone in the door."
People who gradually take on security responsibilities within an organization might not recognize they lack the skills, and the perspective, to do the job properly.
"This has often led to a very narrow view of security — based only on their own experience rather than a comprehensive understanding of the many areas related to information systems security such as business continuity planning, identity management, and incident handling techniques," Kevin Henry explained. "Since they have not had either experience or exposure to those areas they often continue in their comfort zone of competence and miss many opportunities to provide further value to their organizations. This is where a certification and its associated training can provide a real eye-opening and visionary experience to security personnel."
Within CIO organizations, Randy Sutton believes, senior managers need to know that a process to assure security is in place. "If you are going to hire a general IT security manager with no background in security, or if you are going to take an IT security manager who used to be a firewall expert, you are running some risk. The higher you go in the hierarchy, the more general IT security specialists should be," Sutton said. "A good profile for a junior to intermediate IT security specialist is CISSP, Cisco CCNA (Cisco Certified Network Associate), and one or two of the SANS (SysAdmin, Audit, Network, Security Institute) specialties, such as vulnerability assessment."
In many RFPs and supply arrangements, experience and ability are rated as equivalent to formal IT security certifications, but this does not reflect a shortage of qualified personnel, according to Kevin Henry. "The shortage is in regard to practical understanding and experience — not necessarily a shortage of people. A person that is definitely interested in working in the field will obtain the necessary qualifications. Many people pay for certification training on their own for that reason."
Henry explained that managers may want to hire applicants who have demonstrated ability and understanding, "with the understanding that the applicant will obtain the required certification within a reasonable time." The trend, however, seems to be towards mandatory certification, and some government departments in the United States have made CISSP a condition of employment.
While there are no objective performance measurements that allow managers or potential students to decide which IT security qualifications are most useful, RFPs, employment listings and ratings in security publications are all indications of how the market looks at the various certifications.
In today's fast-changing environment, IT security qualifications can 'stale-date' rapidly. As NRCan's Rick Bellwood said, "It will become worthless if you don't keep on top of things, that's for sure."
He believes an IT security certification can be considered current if obtained or refreshed within six months to a year. "I think that's an acceptable norm, because you're not going to be on top of everything. The big thing right now is wireless security, and to have everything for wireless addressed right now I think is impossible," he said. "I think it's fair to say for the CISSP that it is six to 12 months. In fact we have a new release coming out over the next couple of months, and it is updated every 12 to 15 months."
For his part, Randy Sutton believes CIO organizations should consider partial outsourcing of IT security.
"On the technical side, you can always find the experts. I would contract out the technical side, because if you don't work on it every day, you lose your skills," Sutton said. He believes that after security, business resumption is the next important challenge. "Once they've done all they can to prevent the worst from happening," he said, "a prudent manager will still ask the question, 'How do I keep my business going if these precautions are circumvented?'"
For more information visit: (ISC)2 at www.isc2.org